inspecting-changes

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): Uses git commands (diff, log, show) to inspect repository changes. These are read-only operations restricted to the local environment and are essential to the skill's primary purpose.
  • [DATA_EXPOSURE] (SAFE): Accesses local file content and git logs for analysis. No network operations (curl, wget) or exfiltration patterns were detected.
  • [PROMPT_INJECTION] (LOW): Contains an Indirect Prompt Injection surface (Category 8) because it processes untrusted code changes that could contain malicious instructions. Evidence:
      1. Ingestion: Untrusted data enters via git diff and file read operations.
      2. Boundary markers: Absent; no explicit delimiters or warnings to ignore embedded instructions are present in the main skill file.
      3. Capability inventory: Limited to read-only git commands and file reading; no file-write, network-write, or code-execution capabilities are provided to the agent.
      4. Sanitization: No evidence of sanitization or escaping for the ingested code content.
    Severity is LOW because the skill lacks the capabilities (write/execute) required for high-impact exploitation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 21, 2026, 04:23 PM