release-notes-composer
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, NO_CODE)
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill is susceptible to indirect prompt injection via untrusted git commit history.
  * Ingestion points: Git commit messages and repository history are processed as inputs.
  * Boundary markers: Absent; there are no instructions to delimit or ignore embedded commands within the commit data.
  * Capability inventory: The skill reads repository history and suggests writing results to the local filesystem (CHANGELOG.md).
  * Sanitization: None identified. A malicious actor could craft a commit message containing instructions that the LLM might follow, such as including phishing links or altering the summary logic.
- [No Executable Code] (SAFE): No executable scripts or dependency manifests (e.g., package.json, requirements.txt) were provided, which eliminates immediate risks of Remote Code Execution or local file exfiltration through code execution.