wp-plugin-tag

The SKILL.md file describes the functionality and safety rules for managing WordPress plugin git tags. It outlines a workflow that involves locating plugin files, extracting versions, and performing git tag operations (verify, list, create, delete, push). Crucially, this file contains no executable code, shell commands, or direct instructions for the AI agent to execute. The 'Safety Rules' section explicitly mentions precautions such as stopping if the working tree is dirty, confirming the default branch, and requiring explicit user approval for destructive actions (delete, force) or pushing tags, which indicates a design with security in mind for the eventual implementation. The templates/tag-message.md file is a simple markdown template for a git tag message, also containing no executable content. Neither file exhibits any patterns associated with prompt injection, data exfiltration, obfuscation, unverifiable dependencies, privilege escalation, persistence mechanisms, metadata poisoning, or time-delayed attacks. Since no code is provided for execution, the analysis is limited to the declarative content, which is found to be safe.