git-commit-helper

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill instructs the agent to analyze output from git diff --staged, which can contain arbitrary text including malicious instructions embedded in code comments or documentation within the staged changes.
  • Ingestion points: Untrusted data enters the agent context through the results of the git diff --staged command suggested in SKILL.md and references/git-commands.md.
  • Boundary markers: Absent. The instructions do not provide the agent with delimiters (e.g., XML tags or triple backticks) or specific guidance to treat the diff content as non-instructional data.
  • Capability inventory: The skill is primarily focused on text generation (commit messages) and does not explicitly include scripts for network or file-system modification, though it references standard git write commands.
  • Sanitization: Absent. There is no mechanism described to sanitize or escape the content of the diff before it is processed by the LLM.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:37 PM