The Agent Skills Directory

[COMMAND_EXECUTION]: The skill dynamically extracts and executes commands found in project documentation files such as README.md, CLAUDE.md, and runbook.md during the linting phase. This behavior can be exploited by an attacker to run arbitrary malicious code if these files are modified to include harmful instructions disguised as linter commands.
[DATA_EXFILTRATION]: The use of git add -A followed by git push stages all untracked and unstaged files. This presents a risk of accidentally pushing sensitive information like environment variables, private keys, or credentials to a remote repository if the .gitignore file is missing or misconfigured.
[PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) due to its reliance on unverified data for operational instructions. 1. Ingestion points: Reads commands from README.md, CLAUDE.md, CONTRIBUTING.md, and docs/project/runbook.md. 2. Boundary markers: Absent; the agent interprets documentation text directly as command sources. 3. Capability inventory: Full shell execution of discovered commands and repository-wide git operations. 4. Sanitization: Absent; the skill executes the strings it finds without validation beyond the assumption they are linting tools.

ln-003-push-all