release-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands like git describe, git log, and jq to retrieve repository status and version information. It also provides the agent with instructions for committing, tagging, and pushing changes to the repository, which involve powerful system and network capabilities.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by consuming and interpreting git commit messages to determine versioning logic and changelog content.
- Ingestion points: Commit messages and tag descriptions retrieved via git log and git describe in the current repository context.
- Boundary markers: Absent; the agent processes raw output from the shell commands without explicit delimiters or warnings to ignore instructions embedded in the commit messages.
- Capability inventory: The skill provides a workflow for repository modification, including git add, git commit, git tag, and git push.
- Sanitization: There is no evidence of sanitization or filtering of commit message content before it is parsed for versioning keywords (e.g., BREAKING CHANGE) or generated into the changelog.
Audit Metadata