release-manager
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Multiple F# scripts (`monitor-pr.fsx`, `monitor-release.fsx`, `prepare-release.fsx`, `resume-release.fsx`, `validate-release.fsx`) execute system commands using the `gh` (GitHub CLI), `git`, and `dotnet` binaries.
  - Evidence: Use of `ProcessStartInfo` to trigger GitHub Actions workflows, query issue status, and interact with the git repository.
- [EXTERNAL_DOWNLOADS]: F# scripts use `#r "nuget: ..."` directives to dynamically load libraries at runtime from the NuGet package registry.
  - Evidence: Downloads include standard, well-known libraries such as `Spectre.Console`, `Argu`, and `System.Text.Json`.
- [PROMPT_INJECTION]: The `resume-release.fsx` script exhibits a surface for indirect prompt injection by processing untrusted data from external sources.
  - Ingestion points: The `getIssueBodyAsync` function reads the body text of a GitHub tracking issue via `gh issue view`.
  - Boundary markers: None present; the script assumes the issue body follows the expected markdown template.
  - Capability inventory: Based on the parsed issue content, the script can trigger remote GitHub Actions workflows (`gh workflow run`) and post comments to issues (`gh issue comment`).
  - Sanitization: The script uses regular expressions to parse the issue body for checklist states and version strings, but it does not strictly validate the input against a fixed schema or escape the content before it reaches the processing logic.
Audit Metadata