release

SUSPICIOUS. The skill is largely coherent with a release-engineering purpose and uses mostly official GitHub/tooling paths, so it does not look malicious. However, it grants an AI agent broad write/publish abilities across repos and releases, performs package-manager actions, and includes transitive skill use; these make it medium risk even though the data flows are proportionate to the task.