The Agent Skills Directory

[SAFE]: The skill uses standard local command-line utilities (git and npm) to manage developer workflows. No malicious behaviors, obfuscation, or exfiltration patterns were detected.
[COMMAND_EXECUTION]: The skill is designed to execute shell commands for project-specific tasks like linting and testing (npm run lint, npm run typecheck, npm test). These are standard capabilities for the intended development use case.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from the filesystem during the commit process.
Ingestion points: git diff and git status output as referenced in SKILL.md.
Boundary markers: No specific delimiters or safety instructions are used to separate untrusted diff content from the agent's instructions.
Capability inventory: The skill can execute shell commands (npm, git) and write to the repository (git commit).
Sanitization: No sanitization or validation of the input diff data is performed prior to processing.

smart-commit