The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from the repository's git logs and pull request records.
Ingestion points: The workflow extracts content from commit messages and PR descriptions using 'git log' and 'gh pr list' commands as specified in Phase 1 of the SKILL.md.
Boundary markers: No delimiters or explicit instructions to ignore potentially malicious embedded commands are present in the processing logic.
Capability inventory: The skill utilizes the 'git' and 'gh' CLI tools to retrieve project data.
Sanitization: There is no evidence of sanitization, validation, or filtering of the retrieved content before it is incorporated into the prompt or output.

changelog-composer