changeset-validation

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection Surface: The skill incorporates content from pull request bodies (PR_BODY) and labels into the validation prompt. Because this data is provided by PR authors, it represents a potential surface where an attacker could attempt to influence the LLM's semver bump recommendation or bypass validation rules.
      • Ingestion points: The scripts/changeset-prompt.mjs script extracts the PR body and labels from the GitHub event payload.
      • Boundary markers: No explicit delimiters or instructions are used to isolate the PR body from the primary validation rules.
      • Capability inventory: The resulting verdict is used by scripts/changeset-assign-milestone.mjs to automatically update PR milestones via the GitHub API.
      • Sanitization: External content is interpolated directly into the template without specific filtering.
  • Local Command Execution: The skill uses Node.js child_process (execSync and spawnSync) to run git commands. This is used to resolve repository refs and extract code diffs for analysis, which is standard for a development-centric skill.
  • Credential Usage (GitHub Token): The milestone assignment script utilizes the GITHUB_TOKEN environment variable to interact with the official GitHub API. This interaction is restricted to fetching milestones and updating the PR, which is consistent with the tool's intended release management workflow.
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 06:22 AM