The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes standard local development commands, including git status, git diff, and git commit. It also runs quality checks via npm run lint, npm run typecheck, and npm test. These operations are limited to the local environment and the project's own configuration.
[CREDENTIALS_UNSAFE]: The skill incorporates a proactive security scan as part of its workflow. It specifically instructs the agent to check staged changes for hardcoded secrets, API keys, and sensitive comments (TODO, FIXME, HACK) before proceeding with a commit, which acts as a safeguard against data exposure.
[PROMPT_INJECTION]: The skill processes untrusted content by reading file diffs, which creates a surface for indirect prompt injection. Ingestion points: Staged changes and git diff output in SKILL.md. Boundary markers: None. Capability inventory: git operations and npm script execution in SKILL.md. Sanitization: None; however, the agent's actions are restricted to version control and quality assurance, and the risk is considered mitigated by the primary purpose of the tool.

smart-commit