harness-release

Benign: The skill's footprint is coherent with its stated purpose of automating Harness v3 releases (version bump, changelog, tagging, GitHub release). It relies on established tools (git, gh, jq) and updates local files before pushing and publishing releases. The main security considerations are dependency on external CLI tools (gh, git) and token/config handling, which are typical for release automation. There are no evident hidden data exfiltration or dangerous download-execute patterns. Ensure credentials (GitHub tokens) are managed securely and that user-supplied release notes are validated to prevent injection into downstream tooling.