The Agent Skills Directory

[DATA_EXFILTRATION]: The skill scans the user's ~/code directory and its subdirectories to collect information about git repositories. This includes potentially sensitive data such as project names, local file paths, and remote repository URLs. This behavior is necessary for the skill's stated purpose of synchronizing code across machines.
[COMMAND_EXECUTION]: The skill executes a bundled bash script (scripts/scan.sh) and various git subcommands (fetch, push, pull, status, rev-parse) to manage repository states. It performs automated git push and git pull --ff-only for repositories categorized as needing updates without requiring individual user confirmation.
[PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks where malicious data stored in the local environment (e.g., repository branch names, remote names, or URLs) could be interpreted as instructions by the agent.
Ingestion points: Data is ingested from the local file system via git metadata (branch names, remote URLs) in scripts/scan.sh.
Boundary markers: Data is passed to the agent as a JSON array. The scan.sh script includes a json_escape function to prevent basic JSON structure breakage.
Capability inventory: The skill has the capability to execute shell commands (git) and access the network for pushing/pulling code.
Sanitization: Employs manual string escaping for backslashes and double quotes to ensure valid JSON output, though it does not explicitly sanitize against LLM instruction injection within those strings.

code-sync