release
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill executes an unverified PowerShell script 'build_and_deploy.ps1' with '-ExecutionPolicy Bypass'. The script content is not included in the skill definition, posing a risk of arbitrary command execution if the script is malicious or tampered with.
- [CREDENTIALS_UNSAFE] (MEDIUM): The instructions explicitly direct the agent to access a '.env' file containing a 'PYPI_TOKEN'. This creates a clear target for credential theft and identifies where sensitive secrets are stored.
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill processes 'RELEASE_NOTES_HERE' as part of the 'gh release create' command. Ingestion points: Step 5 via command line argument. Boundary markers: None. Capability inventory: 'git push', 'uv publish', 'gh release create'. Sanitization: None. If these notes are sourced from untrusted PR descriptions or external contributors, it creates a surface for indirect injection that can influence the agent's high-privilege publishing actions.
Recommendations
- AI detected serious security threats
Audit Metadata