release-har

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform standard release operations such as git status, git commit, git tag, and git push. It also uses the GitHub CLI (gh) to create releases and the npm CLI for version management in Node.js projects. These operations are consistent with the skill's primary purpose.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its requirement to read and process untrusted external data from the repository environment.
  • Ingestion points: The skill reads commit messages via git log, code changes via git diff, and text content from CHANGELOG.md and project configuration files (package.json, pyproject.toml, etc.).
  • Boundary markers: Absent. The instructions do not specify any delimiters or safety prompts to prevent the agent from interpreting instructions found within logs or changelog entries as its own.
  • Capability inventory: The skill has access to Bash, Edit, and Write tools, which could be leveraged if an agent is successfully influenced by an indirect injection.
  • Sanitization: None detected. Content read from the repository is processed directly without escaping or verification.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 23, 2026, 10:59 PM