rebase-downstream

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill utilizes dynamic context injection to show the current branch and repository status when loaded. This is a legitimate use case for development tools and does not involve exfiltration or unauthorized access.
  • [COMMAND_EXECUTION]: The skill executes standard Git commands and a local helper script (detect-chain.sh) for branch management. The script follows secure practices, such as using temporary directories with traps for cleanup and quoting variables to prevent shell injection.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is present as the agent processes branch names and conflict file content. However, the risk is minimal and inherent to development tasks. Evidence chain: 1. Ingestion: Branch names from git branch and file content during conflict resolution. 2. Boundaries: Absent. 3. Capabilities: Shell execution of git, bash, and preflight tools. 4. Sanitization: The detect-chain.sh script sanitizes branch names when used as filenames and uses quoted variables.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 06:15 PM