skills/paperclipai/paperclip/release/Gen Agent Trust Hub

release

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple local shell scripts (e.g., ./scripts/release.sh, ./scripts/docker-onboard-smoke.sh, and ./scripts/create-github-release.sh) to coordinate the release process. These scripts are internal to the repository being managed and represent standard automation for a release workflow.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with npm to publish the vendor's package (paperclipai) and uses npx to execute the canary version for smoke testing. These interactions target well-known services and official vendor resources.
  • [PROMPT_INJECTION]: The skill processes untrusted data from git log and git diff outputs to determine the next version number and generate changelogs. While this creates a surface for indirect prompt injection, it is a standard practice for release tools.
      • Ingestion points: git log output, git diff output, and the releases/vX.Y.Z.md file.
      • Boundary markers: No explicit sanitization or boundary markers are defined for the shell output processing within the prompt instructions.
      • Capability inventory: The agent has capabilities to publish to npm (npm publish), push to git (git push), and execute various local scripts.
      • Sanitization: None detected in the provided skill instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 19, 2026, 05:36 AM