The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes arbitrary project-defined scripts from the package manifest as part of its quality gate automation.
Evidence: In SKILL.md and references/changeset-and-commit.md, the agent is instructed to run npm run lint, npm run typecheck, npm test, and npm run format.
Context: While these are standard development tasks, they involve executing local code which may be untrusted in certain environments.
[PROMPT_INJECTION]: The skill processes untrusted data which could contain malicious instructions designed to influence the agent's behavior (Indirect Prompt Injection).
Ingestion points: Untrusted data enters the context via git log --oneline -10 in SKILL.md (Step 1) and via gh run view --log-failed in references/ci-polling.md.
Boundary markers: The skill does not implement delimiters or 'ignore' instructions for the ingested commit messages or CI logs.
Capability inventory: The skill possesses significant capabilities including file writing (cat > .changeset/...), git operations (git commit/push), and pull request management (gh pr merge).
Sanitization: No sanitization or validation of the ingested external content is performed before the agent uses it to generate summaries or diagnose failures.

autoship