nav-release

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill utilizes Bash to perform standard developer tasks such as git commits, tagging, and creating GitHub releases. These actions are necessary for the skill's primary function of plugin deployment.
  • [PROMPT_INJECTION] (LOW): The skill has an attack surface for indirect prompt injection as it reads and processes data from local project configuration files to drive its validation logic.
      ◦ Ingestion points: The skill reads plugin.json, marketplace.json, CLAUDE.md, and README.md to verify versions and file existence.
      ◦ Boundary markers: Absent; the skill does not use specific delimiters or instructions to ignore potential commands embedded within these files.
      ◦ Capability inventory: The skill possesses high-impact capabilities including git push, gh release, and rm -rf (for cache clearing).
      ◦ Sanitization: The skill performs no explicit sanitization or validation of the text content within the ingested files beyond version matching.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:33 PM