land-and-deploy

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill includes logic to install the Bun runtime from https://bun.sh/install if it is not found on the system. This installation process is secured with hardcoded SHA-256 checksum verification to ensure the integrity of the downloaded script before it is executed.
  • [COMMAND_EXECUTION]: The skill utilizes several standard command-line tools such as git, gh (GitHub CLI), and various cloud platform CLIs (Fly.io, Heroku, Vercel) to automate the deployment lifecycle. These commands are integral to the skill's stated purpose as a release engineering tool.
  • [DATA_EXFILTRATION]: The skill implements an opt-in telemetry feature that shares anonymous usage data (e.g., duration and outcome) with the vendor. The user is explicitly prompted to choose their preferred telemetry level during the initial setup.
  • [PROMPT_INJECTION]: The skill ingests external data from pull request bodies and commit messages to verify that the documentation matches the actual code changes. This is an indirect prompt injection surface; however, the data is primarily used for status reporting and decision gates, and the overall risk is assessed as minimal.
Audit Metadata
Risk Level: SAFE
Analyzed: May 16, 2026, 12:51 PM