The Agent Skills Directory

[SAFE]: The skill incorporates a security blocklist in config/commit-config.yaml to prevent the staging of sensitive files, including .env, credentials.json, and private keys (.pem, .key).
[COMMAND_EXECUTION]: Executes standard local Git commands (git status, git diff, git add, git commit) to analyze project changes and record them in the repository history.
[DATA_EXFILTRATION]: No network exfiltration or remote data transmission patterns were identified. All operations are confined to the local file system and version control system.
[PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes untrusted data from the repository's file content and commit history.
Ingestion points: Data enters the agent context via output from git diff --staged and git log as described in SKILL.md.
Boundary markers: The instructions do not define specific delimiters or guidelines to isolate the diff content from the agent's logic.
Capability inventory: The skill can execute file system modifications via git add and git commit within SKILL.md.
Sanitization: No input validation or filtering is performed on the repository data before processing.

commit