The Agent Skills Directory

[SAFE]: The skill uses Python's subprocess module with argument lists (rather than shell strings) to interact with the Git CLI across all scripts (inspect_commit_style.py, draft_commit_message.py, and run_behavior_evals.py). This implementation prevents command injection vulnerabilities from repository paths or commit summaries.
[SAFE]: Data access is confined to the local repository being analyzed. The scripts read commit history and repository-local configuration files (such as CONTRIBUTING.md and .vscode/settings.json) to infer style patterns, with no evidence of unauthorized sensitive file access or external data exfiltration.
[SAFE]: Parsing logic uses structured delimiters (Unit and Record separators \x1f and \x1e) when capturing Git log output. This effectively separates metadata from content and ensures the parser is not confused by special characters within commit messages.
[SAFE]: The skill relies exclusively on the Python standard library and the local git binary, avoiding external package dependencies and the associated supply chain risks.

commit-helper