megatron-commit-tracker

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Python subprocess module to execute git commands for repository management and metadata retrieval. Commands are constructed using lists rather than shell strings, which prevents command injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with the official GitHub repository for NVIDIA/Megatron-LM. This is a well-known and expected external source for the skill's functionality.
  • [PROMPT_INJECTION]: The skill processes commit metadata from the upstream repository. While this creates a surface for indirect prompt injection if downstream skills process this data without validation, the mechanical collection and structured output of this skill present no inherent safety risk.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 3, 2026, 06:48 AM