The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes untrusted data such as git commit messages and code diffs which are then passed to an AI model for analysis. This creates an attack surface for indirect prompt injection where malicious content embedded in commit messages could potentially attempt to influence the AI's categorization or output. The risk is minimized by the use of XML-like boundary markers and the limited scope of the output (generating documentation).
Ingestion points: Commit details and diffs are extracted from the local repository (scripts/analyze_git_changes.py) or fetched from GitLab (scripts/fetch_gitlab_mr.py).
Boundary markers: The analysis prompt in references/analysis_prompts.md uses structured tags like , , and <file_list> to isolate untrusted data.
Capability inventory: The skill performs git operations, network requests to the project's GitLab instance, and generates markdown files.
Sanitization: The skill does not perform explicit filtering of commit message content before analysis.
[CREDENTIALS_UNSAFE]: The skill requires a GitLab private token for MR fetching functionality. It correctly instructs users to provide this via environment variables (GITLAB_TOKEN or GITLAB_PRIVATE_TOKEN) rather than hardcoding secrets, which is a standard and safe practice for CLI tools.

create-merge-request-changelog