The Agent Skills Directory

[COMMAND_EXECUTION]: The skill implements a project hook system that executes arbitrary shell commands defined in the .releaserc.yml configuration file. Specifically, the prepare_artifact and publish_artifact hooks allow the execution of user-defined commands during the release workflow. If a project configuration is compromised, this provides a direct path for arbitrary command execution.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from Git commit messages and GitHub Pull Request metadata.
Ingestion points: Data is read via git log and gh pr view to categorize changes and generate multi-language changelogs.
Boundary markers: The instructions do not define clear delimiters or "ignore instructions" warnings when processing these logs.
Capability inventory: The skill has significant capabilities, including file system writes (version files, changelogs), Git commits, and network operations (git push).
Sanitization: There is no mention of sanitizing or escaping the content retrieved from commit history or PR descriptions before it is used to influence the agent's release logic or content generation.

release-skills