The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes standard shell commands such as git, cat, and grep to inspect repository tags, commit logs, and project configuration files (e.g., package.json, pyproject.toml, Cargo.toml). These operations are used appropriately to analyze project history and are confined to the local repository environment.
[PROMPT_INJECTION]: The skill processes untrusted data from git commit messages, author names, and branch names, creating a surface for indirect prompt injection.
Ingestion points: Git commit messages, body content, and author metadata extracted via git log commands in Phase 3.
Boundary markers: Absent; the instructions do not implement specific delimiters or safety instructions to prevent the agent from obeying commands embedded within commit messages.
Capability inventory: The skill executes shell commands (git, cat) and performs file system operations (writing to CHANGELOG.md).
Sanitization: Absent; commit data is parsed and summarized without filtering for instruction-like patterns. This is a common risk for tools that process user-generated logs, but the impact is localized to the generated documentation.

changelog-generator