release
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill performs standard repository operations using
git,jq, and various build tools (e.g.,npm,go,cargo). These are restricted to local development tasks such as tagging, committing, and running tests. - [DATA_EXFILTRATION]: The skill documentation establishes clear boundaries, stating that no pushing or publishing to external services occurs. All release artifacts and metadata are stored within the local project structure.
- [PROMPT_INJECTION]: The skill processes untrusted git commit history for changelog generation. It correctly treats this information as data to be classified rather than instructions to be executed, minimizing the risk of indirect injection.
- [EXTERNAL_DOWNLOADS]: No remote scripts or external packages are downloaded during the execution of this skill. It relies exclusively on local scripts and pre-installed developer tools.
Audit Metadata