git-workflow
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `git` and `gh` CLI tools for repository management, which is its primary purpose. It includes a verification script (scripts/verify-git-workflow.sh) that performs read-only checks on the repository's configuration and history to ensure best practices are followed.
- [EXTERNAL_DOWNLOADS]: The documentation provides instructions to install standard development tools (e.g., `shellcheck`, `shfmt`, `git-absorb`, `difftastic`) from well-known sources such as official GitHub repositories and established package managers. These downloads are part of typical environment setup for the described workflow.
- [PROMPT_INJECTION]: The instructions include 'Critical Rules' designed to restrict the agent's behavior and enforce safety guardrails, such as prohibiting direct pushes to protected branches and preventing edits to Claude Code's internal cache paths. No malicious bypass or override patterns were found.
- [CREDENTIALS_UNSAFE]: CI/CD templates and hook recipes include standard environment variable placeholders (e.g., `${{ secrets.GITHUB_TOKEN }}`, `$SNYK_TOKEN`) for secret management. No hardcoded credentials or sensitive file paths were detected; the skill follows established security practices for handling secrets.
Audit Metadata