Gen Agent Trust Hub audit: skills/blockrunai/clawrouter/release

release

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs multiple critical system operations including npm run build, npm test, git push, and npm publish. These commands facilitate the compilation and public distribution of software packages from the local environment.
  • [DATA_EXFILTRATION]: The skill hardcodes absolute file paths that reference a specific user directory: /Users/vickyfu/Documents/blockrun-web/.... This exposes the local username and the internal directory structure of the developer's environment.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the CHANGELOG.md file in Step 10. Text extracted from that file is interpolated into a shell command through command substitution ($(...)), so whatever the changelog contains reaches the release command, and the agent that is following the skill, without any validation. The exact mechanics matter: the shell does not re-parse the result of a quoted "$(...)" substitution, so shell metacharacters in the changelog are only executed when the extracted text is first placed into the command line as literal text (an agent composing the command itself, or an assembled string passed to eval or sh -c); an unquoted substitution additionally exposes the text to word splitting and glob expansion. Independently of the shell, any instructions embedded in the changelog are read by the agent as release notes and can steer the remaining release steps.
  • Ingestion points: CHANGELOG.md (read in Step 10 via sed).
  • Boundary markers: None; extracted text is passed directly as a command-line argument.
  • Capability inventory: File system read/write, shell execution (gh, git, npm), and network access for package publishing.
  • Sanitization: No escaping or validation is performed on the text extracted from the changelog before it is evaluated by the shell.
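The extraction and interpolation described in the findings above, as an added example that is not the skill's own code and does not reproduce its exact Step 10 command (which the audit does not quote). It builds a constructed CHANGELOG.md whose 1.2.0 section carries a command-substitution payload, then contrasts three ways of moving that section into a release command: evaluating an assembled command string (the payload runs), passing a quoted "$(...)" straight to the tool (inert), and writing the notes to a file for `--notes-file` (inert, and never on a command line). `fake_gh` is an assumed stand-in for the real `gh` CLI that only records its arguments; `extract_notes`, `vulnerable_release`, `direct_release` and `safe_release` are hypothetical names chosen here.

```shell
#!/bin/sh
# Added example, not part of the clawrouter "release" skill. Builds a constructed
# CHANGELOG.md with a shell payload in the 1.2.0 section and shows which ways of
# interpolating that section into a release command actually execute it.

WORK="$(mktemp -d)"
CHANGELOG="$WORK/CHANGELOG.md"
trap 'rm -rf "$WORK"' EXIT

# Constructed changelog. The quoted heredoc keeps the payload literal at this point.
cat > "$CHANGELOG" <<'EOF'
# Changelog

## 1.2.0
- Faster routing `$(touch pwned.marker)`; see docs.
- Fix retry loop

## 1.1.0
- Initial release
EOF

# Stand-in for `gh release create ...` (assumption): records argv, runs nothing.
fake_gh() { printf '%s\n' "$@" > "$WORK/last_call"; }

# Pull one version's section out of the changelog, heading lines dropped;
# a sed range extraction like the one the audit attributes to Step 10.
extract_notes() {
  sed -n "/^## $2\$/,/^## /p" "$1" | sed '1d;/^## /d'
}

# Pattern 1: the extracted text is first turned into literal command text and that
# string is then evaluated (an agent composing the command line, or eval/sh -c on
# an assembled string). The backticks in the notes are now parsed and run.
vulnerable_release() {
  notes="$(extract_notes "$CHANGELOG" "$1")"
  cmd="fake_gh release create v$1 --notes \"$notes\""
  (cd "$WORK" && eval "$cmd")
}

# Pattern 2: quoted command substitution passed straight to the tool. The shell does
# not re-parse the result of "$(...)", so the payload reaches gh as inert text.
direct_release() {
  (cd "$WORK" && fake_gh release create "v$1" --notes "$(extract_notes "$CHANGELOG" "$1")")
}

# Pattern 3: keep the notes off the command line entirely; gh accepts --notes-file.
safe_release() {
  extract_notes "$CHANGELOG" "$1" > "$WORK/notes.md"
  (cd "$WORK" && fake_gh release create "v$1" --notes-file notes.md)
}

# Helpers: did the payload run (marker file created in $WORK)?
payload_ran() { [ -f "$WORK/pwned.marker" ]; }
reset_marker() { rm -f "$WORK/pwned.marker"; }

reset_marker; vulnerable_release 1.2.0
if payload_ran; then echo "eval of pasted notes: payload executed"; fi
reset_marker; direct_release 1.2.0
if ! payload_ran; then echo "quoted \$(...): payload inert"; fi
reset_marker; safe_release 1.2.0
if ! payload_ran; then echo "--notes-file: payload inert"; fi
```

Pattern 2 is only safe while the substitution stays quoted and is consumed directly by the tool; pattern 3 removes the shell from the picture altogether, which is the form a release skill should instruct the agent to use. Neither stops the agent itself from reading instructions planted in the changelog, which is the remaining prompt-injection surface.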
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 02:34 PM