release
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes standard development commands (bundle exec rspec, git, gem, gh) to automate testing and publishing. These operations are essential to the primary release purpose and do not demonstrate malicious patterns like privilege escalation.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection as it ingests data from local files and user prompts and interpolates them into command-line arguments.
- Ingestion points: File content from lib/buttercut/version.rb and user-supplied release notes.
- Boundary markers: None; the skill lacks delimiters or specific instructions to ensure that the AI treats ingested data as non-executable content.
- Capability inventory: The skill has significant capabilities, including modifying local files, pushing to git remotes, and publishing packages to external registries.
- Sanitization: None; the instructions do not include any sanitization or escaping steps for the interpolated variables, which could lead to command injection if input contains shell metacharacters.
Audit Metadata