skills/fradser/dotclaude/init-config/Gen Agent Trust Hub

init-config

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)

Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses sensitive user identity information by running git config user.name and git config user.email in Phase 2. This data is stored and subsequently used as command-line arguments for a local script.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to perform system discovery and execute a local renderer script. Specifically, it executes git config and ${CLAUDE_PLUGIN_ROOT}/scripts/render-claude-config.sh with various dynamically generated arguments.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingests untrusted data that flows into a shell execution context.
      • Ingestion points: Developer identity strings from git config (Phase 2) and user-provided selections from AskUserQuestion (Phases 3, 4, and 6).
      • Boundary markers: Absent. The skill does not instruct the agent to sanitize the data or warn it about potentially malicious content embedded in the git configuration or user responses.
      • Capability inventory: The skill has Bash(*) capabilities used in SKILL.md to run the discovery and the final renderer script.
      • Sanitization: Absent. The collected variables are interpolated directly into a shell command string in Phase 7 (--developer-name, --developer-email, etc.), which could lead to argument injection or command execution if the input contains shell metacharacters.

Audit Metadata
Risk Level: SAFE
Analyzed: Mar 26, 2026, 02:56 AM