jaan-release
Audited by Socket on Feb 24, 2026
1 alert found:
Malware [Skill Scanner]: Pipe-to-shell or eval pattern detected

All findings:
[CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4]
[CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4]
[HIGH] skill_discovery_abuse: System prompt extraction attempt (SD002) [AITech 4.3]

BENIGN with cautious operational risk. The skill’s footprint matches its purpose as an internal release automation orchestrator. No malicious data flows or credential harvesting detected in the provided fragment. Ensure strict access controls for the local skill and ensure that all injected changes go through the intended human-review gates before merging/public release.

LLM verification: This SKILL.md is a release orchestration document that legitimately runs local validation and release scripts and then pushes commits/tags and creates a GitHub PR. The described capabilities are consistent with a maintainer-only release tool, but the control it grants (execute arbitrary repo scripts + push to origin + create releases) is high-risk if any invoked script is malicious or compromised. The static scanner flags (rm -rf, pipe-to-shell) increase supply-chain risk: review and audit the r