Release Preflight Skill
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute several local scripts for release validation and deployment, including 'scripts/release-preflight.ps1', 'scripts/release-vscode.ps1', 'scripts/release-m365.ps1', and '.github/muscles/build-extension-package.ps1'.
- [CREDENTIALS_UNSAFE]: Documentation references the use and configuration of Personal Access Tokens (PATs) for releases. While no secrets are hardcoded in the skill definition, the workflow relies on these sensitive credentials being available in the environment or handled by the scripts, posing a risk if the environment is compromised.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data from the repository to perform high-privilege actions.
  - Ingestion points: The skill reads and synchronizes versions across 'CHANGELOG.md', 'package.json', 'ROADMAP-UNIFIED.md', and documentation files.
  - Boundary markers: There are no explicit instructions or delimiters used to prevent the agent from following instructions potentially embedded in the changelog or other files.
  - Capability inventory: The skill has the capability to execute PowerShell/Node.js scripts and perform 'git commit', 'git tag', and 'git push --tags' operations.
  - Sanitization: No sanitization or validation of the content read from files is specified before it is used in automation commands.