changelog
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of the
Bashtool to perform repository analysis and automate release workflows. - Executes
gitcommands to retrieve commit history, tags, diffs, and contributor information. - Utilizes package manager commands such as
npm version,npm publish, andcargo publishto manage software versions and distribution. - Invokes platform-specific tools like the GitHub CLI (
gh) and GitLab CLI (glab) to fetch pull/merge request metadata and create remote releases. - [PROMPT_INJECTION]: The skill's core functionality involves processing untrusted external data, creating an attack surface for indirect prompt injection.
- Ingestion points: The agent reads and analyzes commit messages, pull request titles, and descriptions from the repository environment.
- Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard potentially malicious commands embedded within the commit history or PR bodies.
- Capability inventory: The skill possesses broad execution capabilities, including shell access, file modification (
CHANGELOG.md), and the ability to trigger remote release actions. - Sanitization: The skill does not implement sanitization or validation of the ingested text before incorporating it into the agent's context for summarization and categorization.
- [EXTERNAL_DOWNLOADS]: The skill interacts with well-known developer platforms to retrieve necessary metadata.
- Fetches pull request and release information from GitHub using the official
ghCLI. - Retrieves merge request data from GitLab using the official
glabCLI.
Audit Metadata