release
Audited by Socket on Feb 16, 2026
1 alert found:
Anomaly [Skill Scanner]: Skill instructions include directives to hide actions from user

This Skill document describes a legitimate and coherent release workflow. The operations it requests (reading and updating CHANGELOG.md and package.json, installing git hooks, committing, tagging, pushing, and interacting with GitHub via gh) are appropriate and expected for a release tool. Primary remaining risk is that the referenced shell scripts and git hook implementations (not included here) are a trust boundary and could perform arbitrary or malicious actions if compromised. The silent install of hooks is a noteworthy operational risk. Recommend reviewing the actual contents of the referenced scripts and hooks before running in a privileged environment.

LLM verification: Benign-suspicious: The skill’s described behavior is aligned with a reasonable release workflow and does not demonstrate malicious data flows or credential harvesting. A potential governance concern is silent installation of git hooks and any directives to hide actions from the user; ensure explicit user consent and visibility of steps. If such silencing is not intended, revise SKILL.md to remove hidden actions and require explicit confirmations for critical steps like pushing tags and CI watch.