smart-commit

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes uncommitted file diffs (Step 3 and 5a), which can contain attacker-controlled content designed to influence the LLM.
      • Ingestion points: Reads the output of git diff and git status in SKILL.md.
      • Boundary markers: Absent; the instructions do not specify the use of delimiters or 'ignore' directives when interpolating diff content into the message generation prompt.
      • Capability inventory: The skill has shell access via Bash(git:*) to perform git add and git commit operations.
      • Sanitization: The skill implements regex-based sanitization to remove AI-related trailers in Step 5b and uses the AskUserQuestion tool for explicit human-in-the-loop approval before executing commits.
  • [COMMAND_EXECUTION]: The skill performs active command execution using git for workflow management and runs a project-specific diagnostic script (scripts/run-skill.sh) as described in Step 1c.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 20, 2026, 07:24 PM