markdown-pro

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • COMMAND_EXECUTION (LOW): The markdown_helper.py utility script invokes the system git command to extract history. Evidence: The get_git_commits function uses subprocess.run with an argument list. While this method is safer than shell=True, it allows the execution of local binaries based on user-provided tags.
  • PROMPT_INJECTION (LOW): The skill possesses an indirect prompt injection surface because it processes untrusted external content (Markdown files and Git commit history) and provides the output to the agent.
      1. Ingestion points: scripts/markdown_helper.py reads local files via open() and git history via subprocess.
      2. Boundary markers: No delimiters or instructions are used to separate untrusted content from the agent's primary instructions.
      3. Capability inventory: The script can read any local file the agent has access to and execute the git binary.
      4. Sanitization: No sanitization is performed on extracted headers or commit messages before they are returned to the caller.
    This could allow an attacker to embed malicious instructions in a document's header or a commit message to influence the agent's downstream behavior.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 01:36 AM