plot-release
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local git and shell commands (e.g., git tag, git push, git commit, mkdir) to manage the release workflow. These operations are standard for development tools and are gated by user confirmation.
- [DATA_EXFILTRATION]: The skill uses git push to transmit tags and release documentation to the remote repository ('origin'). This is the intended behavior for cutting a release and is not directed at unauthorized third-party domains.
- [PROMPT_INJECTION]: The skill reads and processes content from local files in the docs/plans/delivered/ directory to generate release notes, which introduces a surface for indirect prompt injection.
- Ingestion points: Files within the docs/plans/delivered/ directory are read to extract changelog sections.
- Boundary markers: There are no explicit delimiters or instructions to prevent the agent from interpreting content from these files as instructions.
- Capability inventory: The skill can perform file writes, commit changes to the repository, and push to the remote.
- Sanitization: Content from the plan files is interpolated into generated documents without sanitization or validation.
Audit Metadata