release-manager
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill checks for the existence of the PyPI configuration file '~/.pypirc' and verifies if the 'TWINE_PASSWORD' environment variable is set to ensure authentication credentials are available for publishing. Evidence: '[ -f ~/.pypirc ] && echo ".pypirc found"' and 'echo "${TWINE_PASSWORD:+PyPI token is set}"' in 'references/publishing.md'.
- [COMMAND_EXECUTION]: The skill executes various system commands to manage the release lifecycle, including git operations, project builds, and package publishing. Evidence: Commands such as 'git commit', 'git tag', 'git push', 'npm run build', 'python -m build', 'twine upload', and 'npm publish' are used throughout 'SKILL.md' and 'references/publishing.md'.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data from git commit messages and GitHub pull request details to generate changelogs.
  - Ingestion points: Git history ('git log') and GitHub PR lists ('gh pr list') are read by the 'changelog-generator' subagent defined in 'agents/changelog-generator.md'.
  - Boundary markers: Absent. The prompts do not include instructions to the subagent to treat the ingested data as untrusted or to ignore potential instructions embedded within commit messages.
  - Capability inventory: The skill possesses extensive capabilities including file modification, command execution ('SKILL.md'), and network operations for publishing packages ('references/publishing.md').
  - Sanitization: Absent. Data extracted from git and GitHub is formatted and presented to the user/agent without sanitization.
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs standard development tools from the official Python Package Index (PyPI). Evidence: 'pip install --upgrade build twine' in 'references/publishing.md'.
Audit Metadata