The Agent Skills Directory

[COMMAND_EXECUTION]: The command template in SKILL.md uses an unquoted variable $1 to pass the changeset number to the execution environment. This allows for command injection if the input contains shell metacharacters such as semicolons, pipes, or backticks. Although the changeset.php script validates that the input is numeric, the shell execution happens before this validation takes place, enabling arbitrary command execution.
[EXTERNAL_DOWNLOADS]: The scripts/changeset.php file uses curl to fetch changeset information from https://core.trac.wordpress.org. This is an official and well-known service for WordPress development and is considered a safe source for this skill's intended purpose.
[PROMPT_INJECTION]: The skill ingests external content from WordPress Trac and converts it to Markdown. This creates a surface for indirect prompt injection where malicious instructions embedded in a commit message could potentially influence the agent's behavior.
Ingestion points: scripts/changeset.php fetches remote content via HTTP request to core.trac.wordpress.org.
Boundary markers: None; the output is echoed directly as Markdown without delimiters or instructions to ignore embedded commands.
Capability inventory: The skill has access to the Bash tool to execute scripts.
Sanitization: The script parses HTML and converts it to Markdown text but does not specifically filter for or sanitize instructional language within the commit messages.

wp-trac-changeset