ama-logs-update-charts-release-notes

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Command Execution via Variable Interpolation: The skill constructs shell commands for gh, docker, and git using variables like <OLD>, <NEW>, and <DATE>. When variables are interpolated directly into shell strings without explicit sanitization, it creates a potential surface for command injection if the inputs are derived from untrusted sources or malicious user input.
  • External Content Processing: The skill retrieves and executes commands within container images from mcr.microsoft.com and processes pull request titles from GitHub. This introduces a surface for indirect prompt injection, where malicious content embedded in a PR title or image metadata could attempt to influence the agent's behavior during the task, such as the title rewriting step.
  • Automated Repository Modification: The skill is designed to perform file edits, commit changes, and open pull requests automatically. While this is the primary purpose of the skill, the capability to modify code and manifests across multiple charts warrants careful oversight of the generated output before final submission.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 21, 2026, 09:55 PM