szz-bug-introducing-commit-identifier

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements the SZZ (Śliwerski-Zimmermann-Zeller) algorithm for software repository mining. No obfuscation, data exfiltration, or malicious instructions were found.
  • [COMMAND_EXECUTION]: The scripts/szz_analyzer.py script executes git commands via subprocess.run using argument lists. This method avoids the use of shell=True, preventing shell injection vulnerabilities from malicious repository paths or commit hashes.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external data such as commit messages and code diffs. While this is an ingestion surface for untrusted data, the script uses standard library parsing and provides structured output, minimizing the risk of the agent misinterpreting data as instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 10:20 PM