release
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The exec function in scripts/analyze.ts and scripts/release.ts executes shell commands by passing string-interpolated arguments to sh -c. This pattern is susceptible to command injection if variables such as the version string (provided via CLI arguments) or repository metadata (derived from git remotes) contain shell metacharacters such as semicolons or backticks.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it ingests untrusted data from the environment. Ingestion point: git log output in scripts/analyze.ts. Boundary markers: none. Capability inventory: git push, git tag, gh release create, and file writing in scripts/release.ts. Sanitization: the scripts use regular expressions to parse conventional commits but do not sanitize the resulting content before interpolating it into shell commands or writing it to the changelog.
- [EXTERNAL_DOWNLOADS]: The skill legitimately interacts with external services to perform release tasks. It uses git for remote repository synchronization and the GitHub CLI (gh) for CI status monitoring and for creating official releases on GitHub. These operations target well-known developer services.
Audit Metadata