The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes the Bash tool to run GitHub CLI (gh) and git commands for discovering repository metadata, fetching discussion categories, and analyzing commit history.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted data from the target repository's environment which could contain adversarial instructions.
Ingestion points: Processes content from CHANGELOG.md, git log output, and GitHub Discussions/Issues via worker skills.
Boundary markers: Absent. The skill does not use specific delimiters or instructions to prevent the agent from obeying commands embedded in the ingested data.
Capability inventory: The skill possesses Bash execution and Skill delegation (calling worker skills) capabilities, which could be misused if an injection is successful.
Sanitization: Absent. There is no evidence of filtering, escaping, or validating the external content before it is processed by the agent.

ln-910-community-engagement