git-workflow-sop
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to perform local shell operations using the Git CLI. This includes repository status checks, staging changes, committing with generated messages, and pushing to remote branches. These commands are executed within the agent's environment to manage the user's codebase.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). The agent is tasked with reviewing 'git diff' output to generate descriptive commit messages. If a file being committed contains malicious instructions hidden in comments or strings, those instructions could be processed by the LLM during the commit message generation phase.
  * Ingestion points: Output from 'git diff' and 'git status' (referenced in SKILL.md and reference.md).
  * Boundary markers: The skill lacks explicit delimiters (like XML tags or markdown blocks) to strictly isolate untrusted file content from the agent's instructions.
  * Capability inventory: The skill has the capability to write to the local filesystem ('git add', 'git commit') and interact with remote servers ('git push', 'git pull').
  * Sanitization: There is no evidence of sanitization or filtering of the content retrieved from Git commands before it is interpolated into the prompt for message generation.