finishing-a-development-branch

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill executes common development commands like npm test or make test. These actions are necessary for the primary purpose of verifying code before integration and are executed within the local repository context.
  • [DATA_EXFILTRATION] (SAFE): Usage of the GitHub CLI (gh) to create pull requests is a core feature and does not involve unauthorized data movement.
  • [PROMPT_INJECTION] (SAFE): The skill does not contain instructions that attempt to override agent constraints. Its use of external data (commit titles) is a standard functional requirement.
      • Ingestion points: SKILL.md reads commit titles via git log and project configs like package.json.
      • Boundary markers: None are used for the interpolated commit title in the PR creation command.
      • Capability inventory: SKILL.md contains bash snippets that execute git, gh, and test runners (npm, make, etc.).
      • Sanitization: The TITLE variable is wrapped in double quotes in the shell command but not explicitly sanitized for instruction patterns. This is considered a low-risk surface inherent to the tool's purpose.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:17 PM