dependabot-triage

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands including gh, npm, pnpm, git, grep, rg, and node -e to fetch security data, search local source code for imports, and manage dependencies.
  • [EXTERNAL_DOWNLOADS]: The skill fetches vulnerability information from the GitHub Advisory API and downloads package artifacts from the NPM registry to perform automated changelog analysis. These sources are considered trusted developer infrastructure.
  • [PROMPT_INJECTION]: The skill handles untrusted external data from security advisories and package changelogs, creating a surface for indirect prompt injection. The skill implements strong mitigations by requiring explicit human confirmation at multiple stages before any file edits or commits are performed.
  • Ingestion points: GitHub Dependabot alert payloads, GitHub Release notes, and CHANGELOG.md files extracted from downloaded NPM packages.
  • Boundary markers: The workflow includes multiple 'PAUSE' and 'Safety interlock' steps where the agent must wait for explicit user approval. It also instructs the agent to surface specific keywords like BREAKING or DEPRECATED verbatim to the user.
  • Capability inventory: The skill can perform file writes (modifying package.json), execute package installation commands (npm install, pnpm install), and perform git operations (branching, committing, and opening PRs).
  • Sanitization: Data from external APIs is parsed using structured tools like jq and node -e rather than being directly interpolated into shell commands.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 05:39 AM