nav-release
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
COMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill utilizes the `Bash` tool to perform significant repository actions, including `git push origin main`, `git tag`, and `gh release create`. These operations modify remote repository state and are appropriate for a release tool but require user trust in the repository configuration.
- COMMAND_EXECUTION (LOW): Executes a local file `functions/release_validator.py`. The source code for this script is not provided in the skill definition, meaning its exact behavior cannot be verified by this analysis.
- COMMAND_EXECUTION (LOW): Employs `rm -rf` to delete the `~/.claude/plugins/cache/navigator-marketplace/` directory. Although this is a destructive command, it is targeted at a specific application cache folder to facilitate clean testing.
- INDIRECT_PROMPT_INJECTION (LOW): The skill ingests local files such as `RELEASE-NOTES-vX.Y.Z.md` and `plugin.json` to populate release metadata. While this creates a surface for processing untrusted content if the repository is compromised, the impact is limited to the release description and metadata.
Audit Metadata