gitlab-create-mr

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands using git and the glab CLI to manage branch status, inspect diffs, and create merge requests. This is the core intended functionality and uses standard, non-elevated permissions.
  • [DATA_EXFILTRATION]: The skill processes potentially sensitive data such as commit messages and code diffs. It mitigates risk by including explicit writing rules in references/mr-body-conventions.md that forbid the inclusion of secrets, credentials, or local environment details in the generated output.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it analyzes untrusted data from the repository (commit logs and code diffs) to generate merge request descriptions. While this could theoretically be used to influence the agent's writing style or content, the risk is minimized as the agent is instructed to focus on concrete changes and follow a specific template.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 12:38 AM