The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (gh) to retrieve release information, repository metadata, and user profile data. These are standard operations for interacting with GitHub and do not involve unauthorized privilege escalation or dangerous command construction.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from GitHub release notes. * Ingestion points: Release body markdown retrieved via 'gh release view' in SKILL.md. * Boundary markers: The skill lacks explicit delimiters or instructions to the agent to ignore embedded commands within the release markdown. * Capability inventory: The skill can execute GitHub CLI commands and generate formatted text. * Sanitization: No specific filtering or sanitization of the markdown content is performed before processing. * Mitigation: The risk is categorized as low because the skill explicitly directs the output to the user for manual review and does not have the capability to post the tweet automatically.

release-tweet