plot-release
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs shell-based operations using git and the gh CLI to manage tags, commits, and pushes. These actions are transparently documented and aligned with the skill's primary purpose of release management.
- [SAFE]: The workflow explicitly requires user confirmation before executing any state-changing operations, such as version bumping or pushing to a remote origin, preventing unintended or unauthorized changes.
- [PROMPT_INJECTION]: Analysis identified a surface for indirect prompt injection as the skill processes untrusted data from local plan files.
  1. Ingestion points: Reads content from '## Changelog' sections in 'docs/plans/delivered/' (SKILL.md).
  2. Boundary markers: Absent; extracted text is directly used in checklist templates.
  3. Capability inventory: Subprocess calls for 'git tag', 'git push', and 'git commit'.
  4. Sanitization: Absent; content is extracted and presented without specific filtering.

  However, the requirement for human verification of the resulting release notes acts as a significant mitigation.