git-commit

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The skill is designed to execute shell commands, including git operations and project-specific maintenance tools like npm lint or pnpm format. While these are standard for development tasks, the instructions to 'use whatever the project has' could lead to the execution of malicious scripts if the agent is used on a compromised repository.
  • INDIRECT_PROMPT_INJECTION (LOW): (Category 8) The skill analyzes the output of git diff --cached to generate commit messages. Malicious instructions embedded in the code diff could potentially influence the agent's behavior during the commit message generation process.
  • Ingestion points: SKILL.md Step 2 uses git diff --cached output as the primary source for commit message generation.
  • Boundary markers: Absent. There are no instructions to ignore natural language instructions found within the code changes.
  • Capability inventory: The skill has the capability to execute shell commands (git commit, npm/pnpm lint) and write files (Step 3.2 allows fixing issues by hand).
  • Sanitization: Absent. The skill does not provide mechanisms to sanitize the diff content before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:48 PM