The Agent Skills Directory

[COMMAND_EXECUTION] (SAFE): The scripts/validate.sh file uses bash -c to execute shell commands. This is used solely for checking the existence and contents of local repository files (e.g., SKILL.md) using hardcoded strings. There is no risk of command injection from untrusted input.
[DATA_EXFILTRATION] (SAFE): No network calls or exfiltration patterns were identified. The skill does not access sensitive local files or use network tools like curl or wget.
[REMOTE_CODE_EXECUTION] (SAFE): No external packages or remote scripts are downloaded or executed. All operations are performed using local git commands and standard shell utilities.
[INDIRECT_PROMPT_INJECTION] (SAFE): Although the documentation describes processing CHANGELOG.md files which could contain untrusted data, the provided files only define policies and validation checks. No prompt templates vulnerable to injection were found, and the release notes policy explicitly encourages the removal of internal details and IDs, which serves as a basic form of data sanitization.

release