changelog-generator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): Unsafe dynamic loading in src/utils/ConfigLoader.js. The loadConfigFile method (lines 48-52) uses require(configPath) to load .js configuration files (specifically changelog.config.js) from the current working directory. This allows an attacker to execute arbitrary code with the runner's privileges by placing a malicious file in a repository.
  • [PROMPT_INJECTION] (HIGH): Vulnerability to Indirect Prompt Injection (Category 8). Untrusted Git commit messages are ingested via src/core/GitAnalyzer.js and included in the output without sanitization against natural language instructions. Given the skill's capabilities to write files (ChangelogGenerator.js) and interact with the GitHub API (GitHubIntegration.js), malicious commits could manipulate an agent's subsequent behavior when it reads the generated CHANGELOG.
  • [COMMAND_EXECUTION] (MEDIUM): Subprocess interaction via simple-git. src/core/GitAnalyzer.js relies on simple-git to interact with the system's Git binary. While the library provides some protection, interacting with the underlying OS shell based on repository state presents an inherent risk surface.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 02:41 AM