git-changes-reporter

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill relies on multiple shell scripts and Node.js scripts to perform git operations. The script scripts/create-daily-report-pr.sh executes potentially destructive commands like git push --force and interacts with the GitHub CLI (gh).
  • [DATA_EXFILTRATION] (MEDIUM): The skill is designed to send local repository data (commit summaries, code snippets, and structural analysis) to a remote GitHub repository. While this is the intended purpose, the capability could be repurposed for exfiltration if the Agent is misdirected.
  • [PROMPT_INJECTION] (LOW): (Category 8: Indirect Prompt Injection) The skill processes untrusted content from git commit history which could contain malicious instructions.
      • Ingestion points: The workflow uses generate-json.js (referenced in SKILL.md) to extract data from git commits, including subjects and code snippets.
      • Boundary markers: The references/report-template.md and SKILL.md do not define clear delimiters or instructions for the Agent to ignore embedded commands within the commit data it processes.
      • Capability inventory: The skill has file-write access and network-write capabilities via git push and gh pr create in scripts/create-daily-report-pr.sh.
      • Sanitization: While validate-report.js is used for 'truthfulness' checks, there is no evidence of sanitization to filter out prompt injection attempts hidden in commit messages.
  • [CREDENTIALS_UNSAFE] (LOW): The script scripts/create-daily-report-pr.sh requires a sensitive environment variable APP_TOKEN. While it is not hardcoded, the management of this token is a security boundary that must be maintained by the host environment.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:46 PM