The Agent Skills Directory

[Indirect Prompt Injection] (SAFE): The skill ingests untrusted data in the form of code diffs via git diff --staged. While this represents an injection surface where code comments could attempt to influence the agent's output, this behavior is essential to the skill's primary purpose. No evidence of exploitation or malicious instruction processing was found.
Ingestion points: git diff output processed in SKILL.md (Analysis Process).
Boundary markers: The agent is instructed to use specific formats, providing implicit boundaries.
Capability inventory: Limited to Bash and Read for local git operations.
Sanitization: Not explicitly present, but the scope is restricted to generating text for commit messages.
[Data Exposure & Exfiltration] (SAFE): The skill documents potential network access to api.github.com. This is a whitelisted domain used for fetching issue metadata, which aligns with the stated functionality of referencing issue numbers in commits.
[Command Execution] (SAFE): Use of the Bash tool is restricted to benign git commands (git diff, git add) required for functionality.

git-commit-helper