The Agent Skills Directory

COMMAND_EXECUTION (LOW): The skill uses standard shell commands including git, grep, and ls. The use of git diff <base-sha> HEAD involves a variable that must be properly sanitized by the agent framework to prevent command injection.
PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection due to its ingestion of untrusted repository content. (1) Ingestion points: File contents from AGENTS.md, CLAUDE.md, and outputs from git diff and grep. (2) Boundary markers: Absent. No delimiters are specified to isolate untrusted data. (3) Capability inventory: Includes the ability to read project files and commit changes via git commit. (4) Sanitization: Absent. No explicit filtering or sanitization of ingested content is performed. While the skill can modify the repository, the impact is limited to documentation files.

maintaining-project-context