The Agent Skills Directory

[COMMAND_EXECUTION] (MEDIUM): The bash script 'scripts/collect_release_changes.sh' fails to quote the '${range}' variable when calling 'git log' (lines 30 and 33). This allows a user or malicious input to inject arbitrary flags into the 'git log' command. For example, a user could provide a ref that includes '--output=/path/to/file' to write the command's output to an unauthorized location.
[PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8). 1. Ingestion points: Untrusted commit messages are read from the repository using 'scripts/collect_release_changes.sh'. 2. Boundary markers: The script does not use delimiters or instructions to ignore embedded commands in the log output. 3. Capability inventory: Drafting and summarizing release notes. 4. Sanitization: No sanitization or filtering is performed on the commit messages before they are processed by the LLM. Impact: An attacker with commit access to the repository could embed instructions in commit messages to manipulate the agent's output.

app-store-changelog