beaver-release-skills
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard system commands including `git` (for version control operations like logging, diffing, committing, and tagging) and the GitHub CLI `gh` (for identifying contributors and checking CI status). These operations are consistent with the skill's stated purpose of automating software releases.
- [DATA_EXFILTRATION]: Performs `git push` to the project's configured remote repository. This operation is the intended outcome of the release process and is only executed after explicit user confirmation in Step 8.
- [PROMPT_INJECTION]: The skill processes untrusted data from the Git history (commit messages) to generate changelogs. While this presents a surface for indirect prompt injection, the risk is mitigated by the design of the workflow, which provides the user with a preview of the generated content and requires manual approval before proceeding to the final commit and push phases.
Audit Metadata