github-release
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill includes a script, `scripts/validate-reusable-workflows.sh`, that uses `curl` to verify the existence of files on `raw.githubusercontent.com`. This is a legitimate safety check used to ensure that reusable GitHub Actions workflows referenced in the project are resolvable before a release is initiated. This operation targets a well-known service and serves a purely functional purpose.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests and processes data from the repository that could be influenced by external contributors.
  - Ingestion points: `scripts/suggest-version.sh` reads git commit logs; `scripts/check-changelog-links.py` and `scripts/validate-pre-release.sh` read `CHANGELOG.md` content.
  - Boundary markers: Data ingested from these sources is not wrapped in specific delimiters or instructions to ignore embedded content.
  - Capability inventory: The skill has access to `gh` and `git` CLI tools and can perform file system operations (`Read`, `Write`, `Edit`).
  - Sanitization: While the scripts use regular expressions for parsing version numbers and commit types, there is no explicit sanitization to prevent the agent from potentially following instructions embedded within the commit messages or changelog entries.
- [COMMAND_EXECUTION]: The skill defines and executes several local scripts to automate the release process. These scripts utilize standard command-line utilities such as `git`, `gh`, `sed`, and `grep` to analyze the project state and enforce versioning policies. All executed commands are consistent with the skill's stated purpose of managing software releases.
Audit Metadata