kata-complete-milestone

[Skill Scanner] Skill instructions include directives to hide actions from user This skill's stated purpose aligns with its actions: it reads project planning files, generates changelog/version bumps, archives milestone artifacts, updates docs, commits, tags, and optionally creates a release PR on GitHub. I found no explicit obfuscation or hardcoded credentials in the provided text. The primary risks are operational: (1) it executes external helper scripts (../kata-doctor, ../kata-configure-settings) whose content is not shown — those must be audited, (2) it runs arbitrary 'pre_release_commands' defined in config and runs npm test, which executes repository code — these are powerful and can lead to command execution if config or repo is compromised, and (3) it deletes REQUIREMENTS.md as part of the workflow, a destructive operation that should be gated. Overall this appears coherent and typical for a release/milestone automation skill, but it has non-trivial execution risk because it runs unbounded commands and depends on external scripts. Recommend auditing the helper scripts and ensuring pre_release_commands are reviewed and user confirmation gates are enforced before destructive actions. LLM verification: This skill's instructions are consistent with its stated purpose (release/milestone archival and version bumping). The primary security concern is the execution of arbitrary local scripts and configured pre_release_commands (read from preferences) and the implicit trust placed in repository-local helper scripts (../kata-doctor, ../kata-configure-settings). Those can execute arbitrary commands, access files, and perform network I/O, so they represent an elevated supply-chain risk if the helper sc