release
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to build packages, install dependencies with pnpm, and publish them to the npm registry.
- [COMMAND_EXECUTION]: It automates repository management by executing git and GitHub CLI (gh) commands to create tags, releases, and pull requests.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by reading content from local files (CHANGELOG.md) and interpolating it into command arguments for GitHub releases and pull request descriptions.
- Ingestion points: CHANGELOG.md is read via cat and sed in the GitHub release and PR creation steps.
- Boundary markers: No explicit delimiters or warnings are used to prevent the agent from interpreting instructions that might be embedded in the changelog content.
- Capability inventory: The skill has capabilities to execute shell commands, perform git operations, and interact with GitHub APIs via the gh tool.
- Sanitization: No sanitization or validation of the changelog content is performed before interpolation.
Audit Metadata