Git Manager

The skill contains a critical shell injection vulnerability in `index.ts` where unsanitized user inputs (such as `message` and `repo`) are concatenated into a command string executed via `child_process.exec`. Additionally, `index.ts` relies on a hardcoded absolute path to a specific user's directory (`/Users/nico/...`), which is highly irregular for a portable skill bundle and suggests either environment-specific configuration or potential tampering. There is also a discrepancy between the main entry point defined in `skill.json` and the script actually invoked in the code.