ag-atomic-commit
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to read and follow rules defined in untrusted repository files.
  - Ingestion points: The skill reads `AGENTS.md` files and `git diff` outputs.
  - Boundary markers: None are present to separate instructions in the codebase from the skill's own logic.
  - Capability inventory: The skill can execute `git commit`, `git push`, and repository-specific validation commands.
  - Sanitization: Content read from the files is not sanitized or escaped.
- [COMMAND_EXECUTION]: The skill executes local shell commands using `git` and is instructed to 'Run the narrowest relevant check first', which may involve executing scripts or binaries present in the local repository environment.
Audit Metadata