The Agent Skills Directory

[COMMAND_EXECUTION] (MEDIUM): The skill implementation dynamically constructs shell commands using variables such as TARGET_VERSION, CHANGES, and PACKAGE_NAME. These variables are derived from user input and repository files (debian/changelog, git log) and are interpolated into commands like sed, echo, and git commit without sanitization. A malicious input or a compromised git history containing shell metacharacters could lead to arbitrary command execution on the host.
[Indirect Prompt Injection] (LOW): The skill ingests untrusted data from the local environment which could be manipulated to influence tool behavior. Ingestion points: Reads data from debian/changelog and git log output. Boundary markers: Absent; the data is directly embedded into file writing templates. Capability inventory: Includes file system modification (echo, sed -i) and git repository manipulation (git add, git commit). Sanitization: Absent; the skill does not escape or validate strings before passing them to the shell.

create-release-tags