Skills
skills/bmad-code-org/bmad-utility-skills/bmad-os-release-module/Gen Agent Trust Hub

bmad-os-release-module

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses CLI tools (git, npm, gh) to perform versioning and release tasks. This is standard behavior for a deployment-focused tool.
  • [PROMPT_INJECTION]: The skill accepts user-provided changelog data which is then used in file operations and CLI commands, creating an indirect prompt injection surface.
  • Ingestion points: Step 2 in SKILL.md accepts external input from the user.
  • Boundary markers: None provided in the instructions to separate user input from system logic.
  • Capability inventory: git commit, git push, npm version, npm publish, and gh release create (Steps 5-9).
  • Sanitization: The skill mitigates risks by requiring explicit human confirmation (Step 3) of all data before execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 30, 2026, 06:17 PM