The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes shell commands including git blame, grep, and the vendor-specific entire utility. The instructions explicitly mandate the use of the -- separator and the -F (fixed strings) flag for grep to prevent command injection from user-provided snippets or file paths. Additionally, it specifies using the system-installed version of the entire binary rather than any executable found within the repository, which mitigates the risk of executing untrusted local binaries.
[DATA_EXFILTRATION]: The skill accesses repository file content and git history to provide provenance. It utilizes a vendor-owned tool (entire) to fetch additional context for commits. This behavior is consistent with the skill's stated purpose and relies on the author's own infrastructure.
[PROMPT_INJECTION]: The skill provides instructions for summarizing agent transcripts and commit messages. While this creates a surface for indirect prompt injection (where malicious instructions could be embedded in commit history), the skill instructs the agent to treat this output as intermediate source material for summarization rather than instructions to follow, and the underlying shell commands are protected against injection.

what-happened