skills/cristoslc/swain/release/Gen Agent Trust Hub

release

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via the .agents/release.override.skill.md file and git commit history. The override file is designed to take precedence over the skill's instructions, which could allow the release process to be hijacked.
      • Ingestion points: .agents/release.override.skill.md and git log output.
      • Boundary markers: Absent; the skill explicitly gives precedence to the override file.
      • Capability inventory: Full Bash access, filesystem Write/Edit, and git push operations.
      • Sanitization: Absent; no validation is performed on the override file or commit messages.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform git operations using strings sourced from the repository (tags, branch names, file paths). This presents a risk of command injection if the repository contains maliciously crafted file names or git metadata designed to exploit shell syntax.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 7, 2026, 10:37 PM