commit-message-creation

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands to interact with the Git CLI for repository reconnaissance. It maintains a strict security posture by only allowing safe, read-only commands (e.g., git status, git diff, git log) and explicitly listing forbidden operations that modify repository state (e.g., git commit, git push, git reset). Commands are piped to cat to prevent interactive pager issues.
  • [PROMPT_INJECTION]: The skill acknowledges the risk of indirect prompt injection from external sources like PR descriptions or code changes. It implements comprehensive mitigation instructions:
    • Ingestion points: Staged changes via git diff, commit history, and external issues/PRs accessed via MCP tools (SKILL.md).
    • Boundary markers: The instructions explicitly mandate the use of boundary markers when incorporating external content into the model's context.
    • Capability inventory: The skill has access to shell command execution (limited to git) and repository file reading/searching.
    • Sanitization: The agent is instructed to treat all external content strictly as data, not instructions, and is forbidden from executing code or commands embedded in that data.
  • [SAFE]: The skill incorporates a standardized 'Security Best Practices' module (v1.1.0) that ensures user-defined configuration files (like .cursorrules or AGENTS.md) take precedence over skill-specific instructions, providing a layer of defense-in-depth and user control.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 03:23 PM