git-flow-branch-creator
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to execute shell commands to interact with the Git CLI. Specifically, it runs `git status`, `git diff`, `git diff --cached`, and `git checkout -b` to analyze the repository state and create new branches. These operations are core to the skill's stated functionality as a branch management tool.
- [PROMPT_INJECTION]: The skill is potentially susceptible to indirect prompt injection because it ingests untrusted data from the user's source code and repository metadata via `git status` and `git diff` outputs. An attacker could place malicious instructions within code comments or file names to attempt to influence the agent's branch naming or classification logic.
  - Ingestion points: Output from `git status` and `git diff` commands (SKILL.md, Workflow section).
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between git output and instructions.
  - Capability inventory: The agent can execute shell commands via the git CLI, specifically branch creation and checkout operations (SKILL.md, Execution Protocol section).
  - Sanitization: There are no mentioned mechanisms for sanitizing or escaping the data retrieved from the repository before it is processed by the model.
Audit Metadata