The Agent Skills Directory

[COMMAND_EXECUTION]: Several scripts, including check-updated.ts, coverage.ts, import-releases.ts, and retrofit.ts, utilize child_process.execSync to run git and GitHub CLI commands. This is standard behavior for tools managing changelog data from repository history.
[COMMAND_EXECUTION]: The scripts/import-releases.ts file performs string interpolation of the repo argument into a shell command (gh api). Lack of input sanitization on this variable presents a potential command injection surface.
[EXTERNAL_DOWNLOADS]: The import-releases.ts script retrieves release information from GitHub. This is a well-known service and the action is a documented feature of the skill.
[PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface through the processing of untrusted repository data. * Ingestion points: Git commit subjects via git log and GitHub release bodies via gh api. * Boundary markers: No markers are present to distinguish processed data from the skill's own instructions. * Capability inventory: Includes file system write operations (fs.writeFileSync) and shell command execution (execSync). * Sanitization: Basic text filtering is implemented for noise removal, but no logic exists to prevent instruction injection.

changelog-rfc-29