git-tags
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute standard Git operations such as creating tags (git tag -a), committing changes, and pushing to remote repositories. These are legitimate administrative actions for software release management.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it involves the agent reading and processing data from external repository files.
  1. Ingestion points: Content is read from local project files including package.json, pyproject.toml, and CHANGELOG.md.
  2. Boundary markers: The instructions do not specify the use of delimiters or 'ignore instructions' warnings for content read from these files.
  3. Capability inventory: The agent is granted access to the Bash tool for command execution and the Read and Grep tools for file system interaction.
  4. Sanitization: There are no explicit procedures for validating or sanitizing the file contents before they are used to determine versioning steps.
Audit Metadata