release
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill instructions do not contain any patterns attempting to override agent safety guidelines, bypass constraints, or extract system prompts.
- [DATA_EXFILTRATION]: No unauthorized data access or exfiltration patterns were detected. The skill correctly interacts with standard project files like package.json and CHANGELOG.md for their intended purpose in the release cycle.
- [COMMAND_EXECUTION]: The skill uses restricted bash tools (git and npm versioning) through the allowed-tools configuration, which follows the principle of least privilege for its intended functionality.
- [REMOTE_CODE_EXECUTION]: No remote code execution or untrusted downloads were identified. References to external tools like conventional-changelog are standard in software development and are mentioned within documentation context.
- [INDIRECT_PROMPT_INJECTION]: While the skill reads configuration from project files like CONTRIBUTING.md, the scope of the operations is limited to release metadata and does not present an exploitable surface for indirect instruction injection.
Audit Metadata