lf-git-checkout

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE
[COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses user-provided $ARGUMENTS and local branch names directly in shell commands such as git checkout <BRANCH_DESTINO>. If these inputs contain shell metacharacters (e.g., semicolons, backticks), they could lead to unintended command execution in the host environment.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through external data processed at runtime.
    • Ingestion points: User-supplied input via $ARGUMENTS and repository metadata retrieved via git branch and git submodule status in SKILL.md.
    • Boundary markers: None; external content is interpolated directly into commands and presented to the agent without delimiters or safety warnings.
    • Capability inventory: The skill executes various git and bash commands, including file system navigation, stashing, and repository state modification across multiple directories (SKILL.md).
    • Sanitization: No input validation or shell escaping is performed on the data before it is used to construct executable commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 6, 2026, 12:15 AM