release
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. Ingestion points: Processes Pull Request descriptions and changelog files in
.github/changelog/. Boundary markers: Absent; no explicit instructions for the agent to ignore instructions embedded in the ingested data. Capability inventory: Execution ofnpm run release,git, andcomposer. Sanitization: Only checks for punctuation; lacks security-focused validation. An attacker could influence agent behavior by injecting instructions into PR descriptions. - [COMMAND_EXECUTION] (SAFE): Standard development commands (
npm,git,composer) are used for their intended purpose of version and release management.
Audit Metadata