The Agent Skills Directory

GitHub CLI Integration: The skill utilizes the official GitHub CLI (gh) for Pull Request (PR) management and metadata retrieval. This is a secure and standard approach for repository automation, leveraging the user's existing authentication for all operations.
Git History Analysis: Local git commands are used to identify changes between release tags and branch heads. These operations are essential for the skill's primary function and are performed safely within the local repository context.
Indirect Prompt Injection Surface: The workflow processes content from PR titles and descriptions (ingestion points) fetched via the GitHub CLI in the dump-prs-since-commit.ps1 script. While this represents a surface where external content could attempt to influence the agent, the risk is low. The skill employs a structured generation process and utilizes standard repository tools (git, gh) for PR processing, with basic whitespace normalization serving as the primary sanitization of input data.
Secure File Operations: Scripts generate artifacts in a designated local directory and use relative pathing to resolve internal dependencies like member lists, ensuring that operations remain scoped to the intended repository structure.

release-note-generation