The Agent Skills Directory

[PROMPT_INJECTION]: The SKILL.md file contains a 'collaboration agreement' section that imposes internal rules on the agent to track and report bugs according to the author's protocols, which could override user intentions or lead to unintended agent behavior.
[DATA_EXFILTRATION]: The skill instructs the agent to record bug data into a hidden local directory (~/.bensz-skills/bugs/) and provides instructions for the agent to upload this data to an external GitHub repository controlled by the author (huangwb8/bensz-bugs). This mechanism could leak sensitive project information or agent activity logs.
[CREDENTIALS_UNSAFE]: The scripts/get-github-token.sh script facilitates the storage of GitHub personal access tokens in a plain-text .env file and outputs them to stdout. This promotes insecure secret management and risks exposing sensitive credentials in system logs or the agent's execution context.
[COMMAND_EXECUTION]: The skill and its accompanying script execute various shell commands to manage Git operations and project environment configuration, including automated modification of the .gitignore file and parsing of environment variables.

git-publish-release