krt-rebase-smith

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the system's git binary to perform repository management tasks, including fetching from origin, switching branches, and performing rebases. All destructive operations are gated by mandatory user confirmation steps.
  • [DATA_EXPOSURE]: The skill reads local repository metadata, such as branch lists and commit logs, which are required for its primary function. No sensitive files (e.g., .env, .ssh) are accessed.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes untrusted content from the repository environment.
      • Ingestion points: Processes output from git branch, git status, and git log which could contain attacker-controlled strings in branch names or commit messages.
      • Boundary markers: No specific delimiters or instructions are used to separate git output from the agent's core instructions.
      • Capability inventory: The agent can execute git rebase and git push, which are used to modify the repository state.
      • Sanitization: No explicit sanitization or validation of the ingested git metadata is performed before logic processing.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 06:56 AM