release-cleanup

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes potentially destructive commands such as git branch -D, git push origin --delete, and git worktree remove. These operations are central to the skill's primary purpose of repository maintenance. Safety is maintained through a mandatory 'Merge Oracle' verification phase that prevents the deletion of unmerged or stranded work, and a requirement for explicit user confirmation before any deletions occur.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external data that could be controlled by a malicious actor, such as branch names or PR titles.
    • Ingestion points: Data enters via git branch listings and gh pr list JSON output in SKILL.md (Phase 1 and 2).
    • Boundary markers: There are no explicit text delimiters wrapping the branch data, though the logic is confined to Bash script blocks.
    • Capability inventory: The agent has the ability to delete local/remote branches and modify the file system via worktree removal.
    • Sanitization: The skill employs best practices for shell scripting, including using jq --arg for safe JSON injection and wrapping shell variables in double quotes (e.g., "$b") to prevent word splitting or command injection from malformed branch names.
  • [DATA_EXFILTRATION]: While the skill accesses sensitive metadata via gh auth status and gh pr list, there is no evidence of data being sent to external or untrusted domains. All network activity is restricted to standard Git and GitHub CLI operations.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 15, 2026, 08:08 PM
Security Audit — agent-trust-hub — release-cleanup