git-commit

Warn

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs extensive command-line operations to manage git repositories, search for documentation, and perform version bumping. Crucially, it executes deployment commands retrieved from a configuration file using bash -c, ssh, and aws ssm send-command. These commands are run with the privileges of the user and can include high-risk operations like sudo for service restarts.
  • [CREDENTIALS_UNSAFE]: The skill accesses potentially sensitive local files, specifically ~/.claude/collaboration.yml and ~/history.log. The collaboration configuration file is used to store deployment targets (hostnames, instance IDs) and sensitive command sequences, making it a high-value target for unauthorized access or modification.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from the project repository to generate reports and commit messages.
      • Ingestion points: Data is read from README.md, DESIGN.md, CHANGELOG.md, and git diff outputs.
      • Boundary markers: The skill does not implement boundary markers or instructions to ignore embedded commands within the processed files.
      • Capability inventory: The agent has access to powerful tools including bash, ssh, and aws ssm, which could be exploited if malicious instructions in a repository file influence agent behavior.
      • Sanitization: There is no evidence of sanitization or validation of the content read from external files before interpolation into the prompt context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 30, 2026, 01:11 AM