harness-release
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were detected. The skill performs standard software release operations as described.
- [COMMAND_EXECUTION]: Uses `git`, `gh`, and `jq` via the `Bash` tool to manage repository tags and releases. These operations are essential to the skill's primary function as a release automation tool.
- [PROMPT_INJECTION]: A surface for indirect prompt injection exists as the skill reads local files to generate release notes. This is a functional requirement for the skill's purpose.
  - Ingestion points: Reads version information and change history from `VERSION`, `package.json`, and `CHANGELOG.md`.
  - Boundary markers: Absent; uses standard shell interpolation to pass content from these files to the `gh release create` command.
  - Capability inventory: Employs `Bash` (for git, gh, and jq commands), `Write`, and `Edit` tools as specified in the frontmatter.
  - Sanitization: Absent; the skill does not explicitly sanitize or escape the content of the `CHANGELOG.md` file before passing it to external tools.
Audit Metadata