add-git-tag
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute standard Git operations, including repository status checks (git status), commit logging (git log), and tag management (git tag, git push). These operations are necessary for the skill's stated purpose of managing project milestones.
- [PROMPT_INJECTION]: The skill processes user-provided strings for the tag version, achievements, and next-phase plans. These strings are interpolated into shell commands. While this presents an indirect prompt injection surface, the risk is mitigated by a mandatory human-in-the-loop confirmation step where the full message is displayed for review before execution.
  - Ingestion points: User input collected in Step 1 (version, achievements, plans).
  - Boundary markers: Absent in the shell command templates.
  - Capability inventory: Execution of shell commands via Bash for Git operations.
  - Sanitization: Not explicitly defined in the instructions; the agent relies on the user confirmation step to ensure the command content is correct.