create-release

The skill is coherently scoped to its stated purpose: generating a changelog from merged PRs and publishing a release on Gitee via MCP, with explicit steps and user confirmations. Security concerns are moderate and mainly revolve around proper authentication/configuration of the MCP endpoints, potential exposure of PR-derived content in the release body, and ensuring only intended releases are created. No explicit credential harvesting or untrusted external downloads are described. Overall, the footprint is proportionate to the release automation task, but ensure MCP credentials are securely managed and consider adding explicit content sanitization for PR titles/descriptions to avoid leaking sensitive information.