The Agent Skills Directory

[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted input from git diffs, status, and logs. An attacker could embed malicious instructions in code changes to influence the agent's commit message generation process.
Ingestion points: Git diff content, status summaries, and commit history (SKILL.md).
Boundary markers: The skill lacks explicit separators or guardrail instructions to distinguish between the agent's logic and the data being analyzed.
Capability inventory: The skill has the ability to execute shell commands (git, gh) and write to the local file system.
Sanitization: There is no evidence of sanitization for the data ingested from the git environment.
[COMMAND_EXECUTION]: The skill executes shell commands for git operations and repository management. Its default 'auto' mode enables automated staging (git add -A) and pushing (git push) without explicit user approval, which could lead to accidental exposure of unvetted changes.
[DATA_EXFILTRATION]: The skill contains logic for reporting bugs by sending data to a vendor repository (huangwb8/bensz-bugs) using the GitHub CLI (gh). While this is intended as a support feature, it establishes an outbound data channel to an external repository.

git-commit