github-release-swarm

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill frequently invokes npx ruv-swarm, which downloads and executes an external Node.js package from the public registry. This package is not from a trusted source or organization defined in the security guidelines.
  • COMMAND_EXECUTION (MEDIUM): The skill is designed to execute arbitrary shell commands for building and deploying, including local scripts like ./scripts/build-binaries.sh and distribution commands like npm publish and docker push. This provides a significant attack surface if repository configuration files are compromised.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
      • Ingestion points: It ingests untrusted data from GitHub commit messages and pull request titles/bodies via gh api and gh pr list commands.
      • Boundary markers: No boundary markers or instructions to ignore embedded commands are present when passing this data to the agents.
      • Capability inventory: The skill possesses powerful capabilities including creating releases, uploading artifacts, and publishing to package managers.
      • Sanitization: There is no evidence of escaping or filtering of the commit/PR content before it is processed by the AI agents.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:22 PM