The Agent Skills Directory

[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its changelog verification workflow.
Ingestion points: Data is ingested from git log, gh issue view, and gh pr view (commit messages, issue titles/descriptions, and PR comments).
Boundary markers: The subagent prompt template in SKILL.md interpolates drafted entries ([paste drafted entries]) without delimiters or instructions to ignore embedded commands.
Capability inventory: The agent can execute shell commands (git, gh, cargo), modify files, and spawn subagents.
Sanitization: There is no evidence of sanitization or escaping of the external content before it is passed to the subagent.
[COMMAND_EXECUTION]: The skill executes several powerful shell commands to manage the release process.
It runs cargo run -- hook pre-merge --yes, which executes code defined in the repository's hooks.
It uses cargo release with flags like --no-verify, which bypasses standard tool-level safety checks during the version bump process.
It executes project-specific commands like wt merge and standard versioning tools like git tag and git push.

release