agent-skill-deploy

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on executing shell commands for its core functionality. It uses the git and gh (GitHub CLI) tools to modify the repository state, push code to remote servers, and create official releases. While these are necessary for deployment, they represent a significant capability tier.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection through the analysis of git commit history and diffs. Malicious instructions embedded in commit messages could potentially influence the agent's behavior during the changelog generation or deployment process.
      • Ingestion points: Git commit messages and file diffs are processed in SKILL.md (Step 2b) and scripts/deploy-analyze.mjs to summarize changes.
      • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are used when processing the diff data.
      • Capability inventory: The skill has the ability to write to project configuration files (package.json, plugin.json), commit changes, tag releases, and push to remote repositories via scripts/deploy-execute.mjs.
      • Sanitization: The version number is validated against a strict regex, but the content of the changelog/release notes is not sanitized before being written to a file and used in the release creation command.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 10:07 PM