The Agent Skills Directory

[PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it ingests untrusted data from external Git repositories. * Ingestion points: The agent processes output from commands like git status, git log, and git diff, as well as the content of files during conflict resolution (SKILL.md). * Boundary markers: There are no explicit markers or instructions provided to separate the untrusted repository data from the agent's primary instructions. * Capability inventory: The agent has the capability to execute shell commands (git, gh, glab), modify project files, and push data to remote servers (SKILL.md). * Sanitization: No sanitization or validation logic is specified for the data retrieved from the repository.
[COMMAND_EXECUTION]: The skill utilizes several CLI tools including git, the GitHub CLI (gh), and the GitLab CLI (glab) to perform its functions. It includes a safety control by advising the agent to confirm with the user before performing destructive operations like force-pushing or rebasing.

version-control