release-skills
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands such as
git log,git tag, andgh pr view. It derives arguments for these commands (e.g., tag names, PR numbers) from repository history, which presents a risk of command injection if the history contains malicious strings. - [PROMPT_INJECTION]: Indirect prompt injection surface identified through the processing of untrusted repository data. Malicious instructions embedded in commit messages or PR descriptions could potentially influence the agent's logic during changelog generation or versioning decisions. 1. Ingestion points: Git commit logs and GitHub PR metadata via
git logandgh pr viewinSKILL.md. 2. Boundary markers: None found; the skill does not explicitly instruct the agent to ignore instructions within the ingested data. 3. Capability inventory: File system modification (git add,git commit) and network operations (git push) inSKILL.md. 4. Sanitization: No sanitization or validation of commit messages or PR data is performed before processing.
Audit Metadata