release-checklist

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration behaviors were detected. The skill's functionality is consistent with its stated purpose of managing software release gates.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute standard development commands such as npm run build, npm test, npm run test:security, and git. These operations are well-scoped to the release process and include internal checks to ensure they are run in the correct sequence.
  • [DATA_EXFILTRATION]: The skill incorporates proactive security measures to prevent data leakage. Specifically, it includes rules that forbid the use of broad staging commands like git add -A and explicitly instructs the agent to check the git diff for secrets, credentials, and .env files before committing.
  • [PROMPT_INJECTION]: The instructions reinforce the agent's role as a gatekeeper for releases. They include strict rules requiring explicit user confirmation before executing git push commands, even if the user has previously indicated they are ready to proceed.
  • [INDIRECT_PROMPT_INJECTION]: The skill has an ingestion surface as it reads content from package.json, CHANGELOG.md, and git diff outputs. While these could theoretically contain malicious instructions if the underlying codebase were compromised, the skill's specific focus on manual review and pre-release gates serves as a mitigation for this attack vector.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 03:58 AM