NYC

changelog-generator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): This skill is susceptible to Indirect Prompt Injection (Category 8) because its core function is to process git commit messages, which are untrusted external inputs. A malicious actor could craft a commit message containing instructions to override the agent's logic.
      • Ingestion points: Git commit logs and git history accessed via shell commands.
      • Boundary markers: Absent; no delimiters or explicit instructions are provided to the agent to treat commit content as untrusted data.
      • Capability inventory: The agent is granted the capability to execute shell commands (git) and write to local files (CHANGELOG.md).
      • Sanitization: Absent; the skill does not specify any validation or filtering of commit content before it is transformed and written to disk.
  • [Command Execution] (MEDIUM): The skill requires the agent to execute shell commands to interact with the git repository. While necessary for functionality, this capability presents a risk if the agent's instruction set is subverted by a prompt injection attack, potentially allowing for broader system access or unauthorized operations.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 03:20 AM