The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from git logs and diffs which could contain malicious instructions.
Ingestion points: Git commit messages and file diffs are read using git log and git diff (SKILL.md Step 2).
Boundary markers: The skill does not use delimiters or explicit instructions to isolate untrusted git data from the agent's logic.
Capability inventory: The agent can write/delete files (pr-description.md) and execute shell/Node.js commands.
Sanitization: No validation or sanitization of the content extracted from the git repository is performed before incorporating it into the prompt.
[COMMAND_EXECUTION]: The skill executes various system commands and internal Node.js scripts to perform its tasks.
Evidence: It uses git for repository analysis and node to run scripts for local configuration management (tasks-system.mjs) and clipboard integration (copy-to-clipboard.mjs). These operations are restricted to the local environment and are necessary for the skill's primary function.

generate-pr-description