product-update-logger

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
[COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: scripts/gather.py uses subprocess.run to execute local git commands that retrieve commit logs, and SKILL.md uses Python heredocs to generate temporary configuration files and coordination logic. Both pass arguments as lists rather than shell strings and build commands from controlled templates, so no shell ever parses attacker-controlled text and arbitrary shell injection is prevented. An argument list stops shell injection only: git itself still reads a leading `-` as an option, so if any list element (a ref name, a path) ever came from untrusted input it would need to be validated against option-looking values and the ref list terminated with `--`. The audit found these arguments to come from controlled templates rather than external input, so the concern does not arise here, but it is the check to repeat if the script ever takes a ref or path from a user or from the GitHub API.
  • [PROMPT_INJECTION]: The skill ingests untrusted text from git commit messages (written by anyone who can push to the repository) and GitHub Pull Request descriptions (written by whoever opens the PR). This creates a surface for indirect prompt injection: an adversary who can land a commit or open a PR can place instructions where the agent will read them.
  • Ingestion points: scripts/gather.py reads external content from the local git history and from the GitHub API.
  • Boundary markers: the mitigation is procedural rather than textual. Step 3 requires the agent to display the gathered items and obtain explicit user confirmation before the text is processed. This review is only as strong as the user's reading of it: an instruction buried in the body of a PR description is easy to miss when the user skims a list of subjects.
  • Capability inventory: the skill can execute subprocesses (git), make network requests (GitHub API), and write to the local file system (docs/). Combined with the injection surface above, this is what a successful injection would have at its disposal.
  • Sanitization: none. The ingested content is passed to the language model without any filtering or marking of potential adversarial instructions.
  • [SAFE]: scripts/gather.py initializes an unverified SSL context via ssl._create_unverified_context() for its GitHub API calls, which disables certificate and hostname verification. This violates TLS best practice and exposes the connection to Man-in-the-Middle (MITM) attacks; in this skill it also compounds the prompt-injection surface, because an on-path attacker who impersonates api.github.com can hand the agent arbitrary "PR descriptions" without needing write access to the repository. The audit nevertheless classifies it as a safe finding, since it reflects environment configuration rather than intended malicious behavior. The fix is to use ssl.create_default_context(), which verifies by default, and to load a private CA explicitly if one is needed rather than disabling verification.
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 03:09 PM
Security Audit — agent-trust-hub — product-update-logger