Skills
skills/cherryhq/cherry-studio/prepare-release/Gen Agent Trust Hub

prepare-release

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands to interact with the local Git repository, including git describe to find tags, git log to extract commit history, and a sequence of git checkout, git add, git commit, and git push to manage release branches. These operations are essential for the skill's stated purpose of automating releases.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted data.
  • Ingestion points: The agent reads commit titles and bodies (specifically content within release-note blocks) via git log in SKILL.md Step 2.
  • Boundary markers: There are no explicit instructions or delimiters provided to the model to ignore potential commands embedded within the commit messages during the summarization and translation phase (Step 3).
  • Capability inventory: The agent has the ability to write to the local filesystem (package.json, electron-builder.yml) and push changes to a remote repository via Git commands.
  • Sanitization: No sanitization or validation of the commit message content is performed before it is processed by the LLM for release note generation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 08:04 AM