github-release

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local git and gh CLI commands to perform code analysis and repository management. In Step 3a of the PowerShell implementation, the variable $publicPath (derived from user input) is not enclosed in quotes when passed to the git diff command. This creates a surface for command injection if a user provides a path containing shell metacharacters.
  • [EXTERNAL_DOWNLOADS]: The skill connects to official GitHub services to synchronize tags, pull updates, and create pull requests. These network operations are restricted to well-known GitHub infrastructure and align with the skill's primary purpose.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from the repository's git history.
    • Ingestion points: Data enters the agent context via git log and git diff outputs in Step 3.
    • Boundary markers: The agent is instructed to read and analyze this external data without the use of explicit delimiters or instructions to ignore potential commands embedded in commit messages.
    • Capability inventory: The skill has the capability to write to local files (CHANGELOG.md), commit changes, and push to remote branches.
    • Sanitization: No automated sanitization of git metadata is performed; however, the skill incorporates mandatory human-in-the-loop verification steps for both the proposed changelog content and the final pull request body, which significantly mitigates the risk of malicious output.
Audit Metadata
  Risk Level: SAFE
  Analyzed: May 19, 2026, 02:45 PM
Security Audit — agent-trust-hub — github-release