Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

santosomar/release-notes-writer

Name: release-notes-writer
Author: santosomar

skills/devops/release-notes-writer/SKILL.md

npx skillsauth add santosomar/general-secure-coding-agent-skills release-notes-writer

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Release Notes Writer

Release notes are marketing for engineering. The changelog lists everything; release notes tell a story about the 2–3 things that matter.

Input

Preferably the output of → change-log-generator. If not available, the raw commit range — but you'll need to do the classification yourself first.

The shape

<One-sentence headline — what is this release about?>

<One paragraph of context — why these changes, what problem do they solve>

## Highlights
  <2–4 items, each with a before/after>

## Upgrade notes
  <Only if there's something to do. "No breaking changes" if clean.>

## Full changelog
  <link to CHANGELOG.md — don't duplicate it>

Step 1 — Find the headline

What is this release about? Usually one of:

| Release type | Headline pattern | | ------------------- | ----------------------------------------------------------- | | One big feature | "<product> <ver> introduces <feature>" | | Many small features | "<product> <ver>: <theme connecting the features>" | | Mostly fixes | "<product> <ver>: stability and fixes" — short notes, no highlights section | | Breaking/major | "<product> <ver>: <what changed> — upgrade guide inside" | | Security patch | "<product> <ver>: security update" — lead with this, nothing else matters |

If you can't find a headline, the release doesn't have a story. That's fine — write two sentences and link the changelog.

Step 2 — Pick highlights (ruthlessly)

From a 20-item changelog, pick 2–4. Criteria:

Will the average user notice this? (Most fixes: no.)
Does it unblock something users have been asking for? (Check issue tracker reactions.)
Does it change how they should write their code?

Everything else is "…and many other improvements — see the full changelog."

Step 3 — Write before/after for each highlight

A highlight with no before/after is an assertion. A highlight with before/after is a demonstration.

Bad: "Added timeout support to the Client."

Good:

Request timeouts. Previously, a hung server would hang your client forever. Now:
client = Client(timeout=5.0)   # raises TimeoutError after 5s

Upgrade notes

Only write this section if there's something to do:

Breaking changes → exact migration steps, old→new code snippets
New minimum dependency version → say which and why
Config key renamed → old key, new key, whether the old one still works
Nothing → write "No breaking changes. Drop-in upgrade from <prev>." so readers know the absence is intentional.

Worked example

Changelog input (from → change-log-generator):

## [2.4.0]
### Breaking
- Dropped Python 3.8 support (#94)
### Added
- Client() accepts timeout parameter (#92)
- New retry_on parameter for selective retry (#97)
### Fixed
- Connection pool leak under concurrent close (#891)
- 7 other fixes

Release notes output:

# httpx-thing 2.4.0 — Timeouts and selective retry

2.4.0 closes out the two most-requested reliability features: per-call
timeouts and the ability to retry only on the errors you care about.

## Highlights

**Request timeouts.** Previously, a hung server hung your client. Now:

    client = Client(timeout=5.0)

**Selective retry.** Retrying everything wastes time on unrecoverable
errors. `retry_on` lets you pick:

    client = Client(retries=3, retry_on=[ConnectionError, Timeout])

## Upgrade notes

**Python 3.8 is no longer supported.** Minimum is 3.9. If you're on
3.8, stay on httpx-thing 2.3.x until you can upgrade.

Otherwise: drop-in upgrade from 2.3.

## Full changelog

See [CHANGELOG.md](./CHANGELOG.md#240).

The pool-leak fix and 7 other fixes are omitted from highlights — they're in the changelog link.

Do not

Do not list every change. That's what the changelog is for.
Do not lead with internal wins ("we refactored the core"). Users don't care about your architecture.
Do not bury breaking changes below highlights. If it breaks, it's the first thing after the intro.
Do not write "various bug fixes and improvements" as a highlight. That's a link to the changelog, not a sentence.
Do not write upgrade notes that say "see the changelog for breaking changes." Inline the migration steps — that's the entire point of the section.

Output format

Markdown, structured as above. Length: a patch release is 3 sentences; a major release with breaking changes might be 50 lines.

santosomar/release-notes-writer

skills/devops/release-notes-writer/SKILL.md

Transforms a changelog or commit range into user-friendly release notes with highlights, upgrade guidance, and narrative framing. Use when publishing a release announcement, when the changelog is too dense for users to read, or when the user needs a blog-post-shaped summary of a version.

documentation

Updated Apr 13, 2026

$ install --global

skillsauth

npx skillsauth add santosomar/general-secure-coding-agent-skills release-notes-writer

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 20, 2026, 11:42 AM153.2s1 file scanned

SKILL.md

name:: release-notes-writer
description:: Transforms a changelog or commit range into user-friendly release notes with highlights, upgrade guidance, and narrative framing. Use when publishing a release announcement, when the changelog is too dense for users to read, or when the user needs a blog-post-shaped summary of a version.
license:: Apache-2.0
category:: devops
suite:: general-secure-coding-agent-skills
version:: 0.3.0
related:: change-log-generator

Release Notes Writer

Release notes are marketing for engineering. The changelog lists everything; release notes tell a story about the 2–3 things that matter.

Input

Preferably the output of → change-log-generator. If not available, the raw commit range — but you'll need to do the classification yourself first.

The shape

<One-sentence headline — what is this release about?>

<One paragraph of context — why these changes, what problem do they solve>

## Highlights
  <2–4 items, each with a before/after>

## Upgrade notes
  <Only if there's something to do. "No breaking changes" if clean.>

## Full changelog
  <link to CHANGELOG.md — don't duplicate it>

Step 1 — Find the headline

What is this release about? Usually one of:

If you can't find a headline, the release doesn't have a story. That's fine — write two sentences and link the changelog.

Step 2 — Pick highlights (ruthlessly)

From a 20-item changelog, pick 2–4. Criteria:

Will the average user notice this? (Most fixes: no.)
Does it unblock something users have been asking for? (Check issue tracker reactions.)
Does it change how they should write their code?

Everything else is "…and many other improvements — see the full changelog."

Step 3 — Write before/after for each highlight

A highlight with no before/after is an assertion. A highlight with before/after is a demonstration.

Bad: "Added timeout support to the Client."

Good:

Request timeouts. Previously, a hung server would hang your client forever. Now:
client = Client(timeout=5.0)   # raises TimeoutError after 5s

Upgrade notes

Only write this section if there's something to do:

Breaking changes → exact migration steps, old→new code snippets
New minimum dependency version → say which and why
Config key renamed → old key, new key, whether the old one still works
Nothing → write "No breaking changes. Drop-in upgrade from <prev>." so readers know the absence is intentional.

Worked example

Changelog input (from → change-log-generator):

## [2.4.0]
### Breaking
- Dropped Python 3.8 support (#94)
### Added
- Client() accepts timeout parameter (#92)
- New retry_on parameter for selective retry (#97)
### Fixed
- Connection pool leak under concurrent close (#891)
- 7 other fixes

Release notes output:

# httpx-thing 2.4.0 — Timeouts and selective retry

2.4.0 closes out the two most-requested reliability features: per-call
timeouts and the ability to retry only on the errors you care about.

## Highlights

**Request timeouts.** Previously, a hung server hung your client. Now:

    client = Client(timeout=5.0)

**Selective retry.** Retrying everything wastes time on unrecoverable
errors. `retry_on` lets you pick:

    client = Client(retries=3, retry_on=[ConnectionError, Timeout])

## Upgrade notes

**Python 3.8 is no longer supported.** Minimum is 3.9. If you're on
3.8, stay on httpx-thing 2.3.x until you can upgrade.

Otherwise: drop-in upgrade from 2.3.

## Full changelog

See [CHANGELOG.md](./CHANGELOG.md#240).

The pool-leak fix and 7 other fixes are omitted from highlights — they're in the changelog link.

Do not

Do not list every change. That's what the changelog is for.
Do not lead with internal wins ("we refactored the core"). Users don't care about your architecture.
Do not bury breaking changes below highlights. If it breaks, it's the first thing after the intro.
Do not write "various bug fixes and improvements" as a highlight. That's a link to the changelog, not a sentence.
Do not write upgrade notes that say "see the changelog for breaking changes." Inline the migration steps — that's the entire point of the section.

Output format

Markdown, structured as above. Length: a patch release is 3 sentences; a major release with breaking changes might be 50 lines.

Related Skills

santosomar/verified-pseudocode-extractor

development

VerifiedTrustedCommunity

Extracts human-readable pseudocode from a verified formal artifact (Dafny, Lean, TLA+) while preserving the verified properties as annotations, so the proof-carrying logic can be reimplemented in a production language. Use when porting verified code to an unverified target, when documenting what a formal spec actually does, or when handing a verified algorithm to an implementer.

SKILL.mdUpdated Apr 13, 2026

santosomar/verified-pseudocode-extractor

santosomar/tlaplus-spec-generator

development

VerifiedTrustedCommunity

Translates natural-language or pseudocode descriptions of concurrent and distributed systems into TLA+ specifications ready for the TLC model checker. Identifies state variables, actions, type invariants, safety properties, and liveness properties from the description. Use when formalizing a protocol, when the user describes a distributed algorithm to verify, when designing a consensus or locking scheme, or when starting formal verification of a concurrent system.

SKILL.mdUpdated Apr 13, 2026

santosomar/tlaplus-spec-generator

santosomar/tlaplus-model-reduction

testing

VerifiedTrustedCommunity

Reduces a TLA+ model so TLC can actually check it — shrinks constants, adds state constraints, abstracts data, or applies symmetry — when the state space is too large to enumerate. Use when TLC runs out of memory, when checking takes hours, or when a spec works at N=2 and you need confidence at larger scale.

SKILL.mdUpdated Apr 13, 2026

santosomar/tlaplus-model-reduction

santosomar/tlaplus-guided-code-repair

development

VerifiedTrustedCommunity

TLA+-specific instance of model-guided repair — reads a TLC error trace, identifies the enabling condition that should have been false, strengthens the corresponding action, and maps the fix to source code. Use when TLC reports an invariant violation or deadlock and you have the code-to-TLA+ mapping from extraction.

SKILL.mdUpdated Apr 13, 2026

santosomar/tlaplus-guided-code-repair

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/santosomar/general-secure-coding-agent-skills.git

# Copy into Claude Code skills folder (global)
cp -r general-secure-coding-agent-skills/skills/devops/release-notes-writer ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

santosomar/general-secure-coding-agent-skills

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT