The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes local git and gh (GitHub CLI) commands to analyze project history, update version files, create release commits, and generate tags. These actions are standard for the tool's primary purpose.
[EXTERNAL_DOWNLOADS]: The skill interacts with GitHub's infrastructure via the gh CLI to retrieve pull request metadata and identify external contributors.
[DATA_EXFILTRATION]: The workflow involves pushing commits and tags to the configured remote repository (origin). This operation is gated by a mandatory user confirmation step to prevent unauthorized or accidental data transmission.
[PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data from the repository's commit history and pull request titles. 1. Ingestion points: Commit messages obtained via git log and contributor names from gh pr view. 2. Boundary markers: The instructions do not define explicit delimiters or escaping for the ingested text when generating natural language changelogs. 3. Capability inventory: The agent can modify local files, commit changes, and perform network pushes. 4. Sanitization: There is no mention of filtering or sanitizing the commit content. This risk is mitigated by the requirement for the user to review and confirm the proposed changes and changelog content before execution.

release-skills