The Agent Skills Directory

[SAFE]: The skill includes defensive instructions to prevent the accidental exposure of sensitive data by explicitly telling the agent to exclude secrets and .claude/settings.local.json from the staging process.
[PROMPT_INJECTION]: The skill ingests untrusted data from file diffs and the $ARGUMENTS variable to generate commit messages and pull request descriptions.
Ingestion points: Staged file changes and the $ARGUMENTS variable in SKILL.md.
Boundary markers: The skill employs shell heredocs (EOF) to enclose generated content, which acts as a boundary to mitigate shell command injection.
Capability inventory: The skill uses the Bash tool to perform git and gh operations.
Sanitization: There is no evidence of explicit sanitization or validation of the ingested text before it is used in the command execution context.

commit