The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes local git commands (status, diff, add, commit) to manage the repository state. This is the intended and primary function of the tool.
[PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it reads untrusted data from the repository (file contents and diffs) to draft commit messages. However, it mitigates the risk of this data being used for command execution by using quoted HEREDOCs ('EOF') when running the git commit command, which prevents the shell from expanding or executing any malicious subshells or variables contained in the message.
Ingestion points: Reads file diffs via git diff and accesses untracked file contents in Step 3.
Boundary markers: The agent is instructed to parse the diff specifically for metadata relevant to commit conventions.
Capability inventory: Performs git add and git commit operations based on analyzed data.
Sanitization: Uses 'EOF' quoting in the commit shell template to neutralize potential shell injection payloads within generated messages.
[SAFE]: The skill implements protective measures, including a hard rule to check for and warn about the inclusion of sensitive files (secrets, PEM keys, credential files) in the commit set. It also explicitly prohibits high-risk or destructive actions such as pushing, amending, or rewriting Git history.

commit-changes