release-skills

Warn

Audited by Socket on Feb 16, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] Backtick command substitution detected

All findings:
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

This Skill description is coherent and aligned with its stated purpose. It performs local repository operations (read version, parse commits, generate changelogs, update version files, commit, tag, push) which are expected for a release automation tool. There are no signs of credential harvesting, external data exfiltration, obfuscated code, or other malicious behaviors in the provided instruction file.

The primary security consideration is the high-impact nature of write-and-push operations: the tool must be run with user consent and appropriate CI/credential controls. Use in automated contexts should ensure explicit confirmation and least-privilege credentials for pushes.

Confidence: 80%
Severity: 75%

Audit Metadata
Analyzed At: Feb 16, 2026, 11:05 AM
Package URL: pkg:socket/skills-sh/siatwangmin%2Fcoco-skills%2Frelease-skills%2F@0b9cb87228b8bf16f7d3a09cb253f6adc664ff1a