The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructs the agent to execute various local scripts and commands for validation, specifically npm run build, node scripts/generate-github-release-notes.mjs, and npx skill-check. While these are standard development workflows, the execution of local scripts can be exploited if an attacker manages to modify those scripts in the repository.
[PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes external, potentially untrusted data.
Ingestion points: The agent is instructed to read and inspect README.md, CHANGELOG.md, and markdown files located in xcodebuildmcp.com/app/docs/_content/**.
Boundary markers: There are no explicit delimiters or instructions to treat the content of these files as data rather than instructions, which could allow embedded commands to influence agent behavior.
Capability inventory: The skill includes the capability to execute shell commands and JavaScript files via node and npm.
Sanitization: The skill lacks instructions for sanitizing or validating the contents of the ingested files before processing them.

xcodebuildmcp-docs-release-review