em-release
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection vulnerability surface identified in the release automation flow.
  - Ingestion points: The skill reads external, potentially untrusted data via `git diff`, `git log`, and `cat CHANGELOG.md` in Phases 1 and 3.
  - Boundary markers: Absent. The instructions do not define clear delimiters or provide the agent with 'ignore instructions' warnings for the data being analyzed.
  - Capability inventory: The agent has the power to execute shell commands including `git commit`, `git push`, and `gh release create` (subprocess execution).
  - Sanitization: While the shell command for `gh release` uses a quoted heredoc (`<<'EOF'`) to prevent direct shell injection from the content of the release notes, the agent's internal reasoning and summarization logic remain vulnerable to instruction overrides embedded in commit messages or code comments.
- [COMMAND_EXECUTION] (SAFE): The skill performs standard repository management operations. The use of `git` and `gh` (GitHub CLI) is necessary for the stated purpose of creating releases. No obfuscated commands or suspicious privilege escalation attempts (like `sudo`) were detected.