The Agent Skills Directory

[PROMPT_INJECTION] (LOW): The skill exhibits a surface for Indirect Prompt Injection through its changelog generation feature.
Ingestion points: Git commit history (untrusted data) is read by scripts/changelog_generator.py in Step 4.
Boundary markers: The instructions do not define delimiters or warnings for the agent to ignore instructions embedded within commit messages.
Capability inventory: The skill has access to Bash (command execution), Write (file modification), and can perform git push operations.
Sanitization: There is no evidence of sanitization or filtering applied to the commit messages before they are processed by the generator or presented to the agent.
[COMMAND_EXECUTION] (SAFE): The skill executes several local scripts (scripts/detect_project.py, scripts/update_version.py, scripts/sync_unity_version.py, scripts/git_operations.py) and uses the gh CLI. These operations are essential for the primary purpose of version and release management and do not appear to involve untrusted remote sources or dynamic code generation.

auto-release-manager