The Agent Skills Directory

[COMMAND_EXECUTION]: The skill provides numerous command-line examples using git and gh (GitHub CLI) to extract repository data. These commands utilize shell features like command substitution $(...) and piping | to process output. This behavior is consistent with the skill's primary purpose of repository automation.- [EXTERNAL_DOWNLOADS]: The skill documentation recommends the installation of git-cliff via cargo install or brew install. While git-cliff is a well-known open-source tool for changelog generation, it is a third-party dependency not included in the trusted vendor list.- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes data from untrusted sources (commit messages and PR titles).
Ingestion points: Commit messages retrieved via git log and Pull Request titles/labels fetched via gh pr list as described in SKILL.md.
Boundary markers: There are no boundary markers or delimiters defined in the command templates to differentiate between legitimate commit data and potentially malicious instructions embedded in commit messages.
Capability inventory: The skill environment supports shell command execution (git, gh, git-cliff) and network access via the GitHub CLI.
Sanitization: No sanitization, escaping, or validation is performed on the commit messages or PR titles before they are presented to the agent or output to files.

changelog-automation