release-notes-writer

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The generate.py script executes the git log command via subprocess.run to extract change history. The command is invoked using a list of arguments rather than a shell string, which effectively mitigates shell injection risks.
  • [PROMPT_INJECTION]: The skill processes external, potentially untrusted data from PR titles, bodies, and git logs to generate release notes. While this represents a surface for indirect prompt injection, it is the primary function of the skill and no exploitable behavior was found.
      1. Ingestion points: Data is read from files specified by the --prs argument or from git log output in generate.py.
      2. Boundary markers: No specific boundary markers or ignore instructions are used for the processed content.
      3. Capability inventory: The script is limited to reading local files, executing git, and writing the final Markdown and Slack reports to the filesystem.
      4. Sanitization: Content from PRs is used directly in the output without sanitization, though guardrails in SKILL.md advise against major copy editing.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 04:12 PM