changelog-writer
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/commit-classifier.py executes the git log command using subprocess.run to retrieve commit history. This is an intended and necessary functionality for the skill. The command arguments are passed as a list, which prevents shell-based command injection vulnerabilities.
- [PROMPT_INJECTION]: The skill processes external data from git commit messages to generate documentation. This represents an indirect prompt injection surface (Category 8). However, the risk is mitigated as the skill uses structured JSON parsing between the classification and formatting steps, and the agent's instructions focus on objective summarization of the history. This is considered a benign, inherent part of the skill's functionality.
Audit Metadata