smart-git-automation

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses variables derived from repository content (branch names, commit messages) in shell commands such as git checkout -b "$branch_name" and git push. Although the instructions warn against concatenating untrusted filenames, the reliance on LLM-generated strings in shell environments remains a potential injection vector.
  • [DATA_EXFILTRATION]: The skill is designed to push local repository data to remote servers via git push and create pull requests using gh pr create. Users should ensure destination remotes are trusted to avoid unintentional data exposure.
  • [PROMPT_INJECTION]: Category 8 (Indirect). The skill reads and summarizes local file contents to automate workflow steps. Malicious instructions embedded in the files being processed could influence the generated branch names or commit descriptions. The skill also explicitly requests to "reduce confirmations" to single-word answers, which decreases user oversight and increases the risk of the agent performing unintended actions based on malicious file content.
      • Ingestion points: git diff, git status, and file content analysis referenced in SKILL.md.
      • Boundary markers: Not explicitly defined for delimiting the diff or content analysis from instructions.
      • Capability inventory: git checkout, git add, git commit, git push, and gh pr create commands throughout SKILL.md.
      • Sanitization: Includes a text-based instruction for the agent to avoid concatenating untrusted filenames, but lacks explicit validation or escaping logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 16, 2026, 04:15 PM