leanspec-publishing
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE | NO_CODE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for utilizing standard command-line tools such as npm, pnpm, gh, and git to manage software versions and execute publishing workflows. These operations are conducted within the scope of the vendor's official repositories and package registries.
- [COMMAND_EXECUTION]: Includes instructions for setting executable permissions (chmod +x) on compiled binaries. This is a routine operation required to ensure CLI tools function correctly on Unix-based operating systems after installation.
- [EXTERNAL_DOWNLOADS]: Recommends installing development builds of the lean-spec package directly from the npm registry. These downloads originate from a well-known service and belong to the vendor's package scope.
- [PROMPT_INJECTION]: The workflow for creating GitHub releases involves an ingestion surface where the agent generates release notes (gh release create --notes ...). This presents a risk of indirect prompt injection if untrusted data is included in the notes without proper isolation.
  - Ingestion points: Release notes content used in SKILL.md and references/PUBLISHING.md.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are specified for the release notes.
  - Capability inventory: The skill allows for repository modifications (git push, gh release create) and package distribution (npm publish).
  - Sanitization: No validation or sanitization of the injected text is defined in the provided documentation.
Audit Metadata