skills/paulund/ai/git-merge-main/Gen Agent Trust Hub

git-merge-main

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands to manage the git workflow, including git fetch, git merge, pnpm install, and pnpm test.
  • [EXTERNAL_DOWNLOADS]: The skill downloads code from the remote origin/main branch and potentially fetches third-party packages from the npm registry via pnpm install.
  • [REMOTE_CODE_EXECUTION]: The commands pnpm install (via lifecycle scripts) and pnpm test (via test execution) can run arbitrary code defined in the project files. These files are subject to modification from the remote branch being merged.
  • [INDIRECT_PROMPT_INJECTION]: This skill provides a surface for indirect prompt injection by merging external code into the agent's current working directory.
      1. Ingestion points: Code is ingested from the remote origin/main branch using git fetch and git merge.
      2. Boundary markers: Absent. The skill does not provide instructions to the agent to isolate or ignore instructions embedded in the incoming code.
      3. Capability inventory: The agent has the ability to execute code via pnpm install and pnpm test after the merge.
      4. Sanitization: Absent. The agent is instructed to manually resolve conflicts based on code quality and patterns, which is a subjective process that can be influenced by malicious code comments or structure.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 25, 2026, 07:05 AM