pavlo-commit-rewriter

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed for local git repository management and does not exhibit any patterns of data exfiltration, external downloads, or privilege escalation. The author context aligns with the provided metadata.
  • [COMMAND_EXECUTION]: The skill executes git, python3, and bash commands as part of its documented workflow. Python scripts, such as scripts/build_rebase_todo.py, use subprocess calls with argument lists rather than shell strings, which effectively mitigates the risk of command injection.
  • [PROMPT_INJECTION]: The skill ingests user-provided commit mappings from commit_rewrite_mapping.md. This file is an attack surface for indirect prompt injection; it is evaluated here as safe because of the implementation details of the processing scripts.
      • Ingestion points: The agent and local scripts read the commit_rewrite_mapping.md file in the project root during Phase 3.
      • Boundary markers: The process relies on the Markdown table structure; no explicit delimiters or instructions are used to separate user-provided content from agent prompts.
      • Capability inventory: The skill facilitates git rebase and git filter-branch operations, along with file writes to /tmp and execution of the included scripts.
      • Sanitization: The supporting Python scripts parse the Markdown table and treat the content as literal text for commit subjects, ensuring that input data is not interpreted as executable commands or agent instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 04:29 PM