The Agent Skills Directory

[COMMAND_EXECUTION]: The skill interpolates values extracted from package.json (such as the name and description fields) directly into shell commands (e.g., gh repo create $REPO_NAME, gh repo edit --description "$DESCRIPTION"). If these fields in the local project file contain shell metacharacters like semicolons or backticks, it could lead to arbitrary command execution.
[COMMAND_EXECUTION]: Executes node -p "require('./package.json').version" to retrieve versioning information. This method treats the JSON file as a JavaScript module via require(), which can be exploited if the file contains malicious logic (e.g., JavaScript getters) disguised as data.
[COMMAND_EXECUTION]: Modifies global environment settings by running git config --global http.proxy. This changes the proxy settings for all Git operations on the user's machine, potentially disrupting other workflows or intercepting traffic if the proxy address is untrusted.
[EXTERNAL_DOWNLOADS]: Utilizes npx vsce package to bundle artifacts. This command dynamically downloads and executes the vsce package from the npm registry, introducing a dependency on external package availability and the security of the npm supply chain.
[COMMAND_EXECUTION]: The shell logic for cleaning the package name (echo "$PACKAGE_NAME" | sed ...) is vulnerable to injection because the variable $PACKAGE_NAME is expanded by the shell before being passed to echo.

github-repo-publish