
git-commit

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
Category: COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (MEDIUM): The skill is designed to analyze code changes to generate commit messages. This creates an attack surface where a malicious file content or diff could contain instructions aimed at the agent.
  • Ingestion points: Uses git diff and git status --porcelain to read file contents and state.
  • Boundary markers: None specified. The agent processes the raw output of git commands.
  • Capability inventory: Has Bash access to run git add and git commit, which can modify the repository state.
  • Sanitization: No explicit sanitization or filtering of diff content is provided before analysis.
  • Command Execution (LOW): The skill relies on the Bash tool to execute system commands. While the instructions provide a 'Git Safety Protocol' to restrict behavior (e.g., no force pushes), these are natural language constraints and not technical enforcements. The use of $(cat <<'EOF' ... EOF) for multi-line commits is a positive security pattern as the quoted 'EOF' prevents shell expansion of the generated message.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 05:32 AM