security-ownership-map

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes git log and internal python scripts via subprocess calls using argument lists. This is the intended behavior for repository analysis and is implemented without using vulnerable shell execution patterns.
  • [PROMPT_INJECTION]: The skill processes untrusted data from git history, such as commit messages and author metadata, creating an indirect prompt injection attack surface.
  • Ingestion points: Repository history is ingested via git log in scripts/build_ownership_map.py and scripts/community_maintainers.py.
  • Boundary markers: The skill does not use specific boundary markers or 'ignore' instructions when formatting the extracted git metadata into CSV and JSON outputs.
  • Capability inventory: The skill generates structured data (CSV, JSON) and graph files; it performs file system writes to a user-defined output directory but does not have network access or administrative capabilities.
  • Sanitization: There is no evidence of sanitization or filtering applied to the git metadata before it is presented to the agent for analysis.
  • [EXTERNAL_DOWNLOADS]: The skill documentation includes instructions to install the networkx library, which is a well-known and widely used Python package for graph analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 02:49 PM