resolve-merge-conflicts

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/extract_conflict_context.py uses subprocess.run to execute standard git commands (ls-files, show, rev-parse). These calls are implemented using list-based arguments without shell=True, which is the recommended safe practice for executing external commands.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection (Category 8) because it processes text from conflicted files that may be attacker-controlled.
  • Ingestion points: Conflicted file content and Git stage data are read in scripts/extract_conflict_context.py via the read_text_file and read_stage_text functions.
  • Boundary markers: The script attaches structural labels to conflict hunks (e.g., ours, theirs, base), which provide some context separation; it lacks, however, explicit instructions to the agent to ignore natural-language commands embedded within code sections.
  • Capability inventory: The script's operations are limited to read-only Git commands and local file reading; it does not include network access, filesystem write capabilities, or arbitrary code execution.
  • Sanitization: Content extracted from conflict markers is presented verbatim without sanitization, which is expected for its intended purpose of conflict resolution.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 04:53 PM