finish-release

Warn

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to interpolate the user-provided $ARGUMENTS directly into shell commands in Phase 4 (git flow release finish $VERSION) and Phase 5 (gh release create "v$VERSION"). Because a shell parses the resulting command line, input containing shell metacharacters (e.g., ;, &&, or |) is not treated as part of the version string but as additional commands, so a crafted argument can execute arbitrary code. The double quotes around "v$VERSION" in Phase 5 only help if the agent expands $VERSION as a shell variable; if it pastes the raw argument text into the command line, a quote character or $(...) in the input still breaks out, and the unquoted $VERSION in Phase 4 offers no protection at all.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface: it reads and processes external data (the git commit history and CHANGELOG.md) and interpolates that content into the release notes passed to gh release create, so instructions planted in a commit message or changelog entry reach the agent as if they were part of its task.
  • Ingestion points: Git commit logs (Phase 3) and CHANGELOG.md (Phase 5).
  • Boundary markers: Absent; the skill gives the agent no instruction to treat the ingested content as data only or to ignore instructions embedded in it.
  • Capability inventory: The skill has access to Bash(git:*), Bash(gh:*), and Write tools across its execution phases.
  • Sanitization: None; commit messages and changelog content are neither escaped nor otherwise sanitized before interpolation.
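The injection the COMMAND_EXECUTION finding describes, and one hardening of it, as an added example that is not part of the audited skill or of the Gen Agent Trust Hub report. It assumes bash, that releases use plain semantic versions (the allow-list regex is an assumed policy), and that git flow and gh are installed; the function names, the DRY_RUN switch and the sample inputs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the audited skill): why expanding a raw
# $ARGUMENTS value into a shell command is injectable, and how to
# validate and pass the value so the shell never re-parses it.
# Assumptions: bash; releases use plain semantic versions; git flow and
# gh are installed. Function names and DRY_RUN are illustrative only.
set -u

# The command string the skill's Phase 4/5 template would produce if the
# agent pastes $ARGUMENTS in verbatim. Rendered for inspection, never run.
render_unsafe_command() {
  printf '%s' "git flow release finish $1 && gh release create \"v$1\""
}

# Allow-list check: MAJOR.MINOR.PATCH with an optional -prerelease suffix.
# The regex is anchored to the whole string, so ';', '&&', '|', '$(...)',
# quotes, spaces, embedded newlines and a leading '-' (option smuggling)
# are all rejected. bash's [[ =~ ]] has no per-line matching, unlike grep.
validate_version() {
  local re='^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.-]+)?$'
  [[ $1 =~ $re ]]
}

# Hardened release: validate first, then hand every value to git/gh as its
# own argv element. Release notes go through --notes-file instead of being
# interpolated into a command line. DRY_RUN=1 (default) only prints argv.
safe_release() {
  local version=$1 notes_file=$2
  if ! validate_version "$version"; then
    printf 'refusing to release: invalid version %s\n' "$version" >&2
    return 2
  fi
  if [ ! -r "$notes_file" ]; then
    printf 'refusing to release: cannot read notes file %s\n' "$notes_file" >&2
    return 2
  fi
  if [ "${DRY_RUN:-1}" = 1 ]; then
    printf '%q ' git flow release finish -m "Release $version" "$version"; echo
    printf '%q ' gh release create "v$version" --title "v$version" --notes-file "$notes_file"; echo
    return 0
  fi
  git flow release finish -m "Release $version" "$version" &&
    gh release create "v$version" --title "v$version" --notes-file "$notes_file"
}

# Demo (run as: bash finish-release-hardened.sh --demo):
if [ "${1:-}" = "--demo" ]; then
  printf 'unsafe template with "1.2.3; id":\n  %s\n' "$(render_unsafe_command '1.2.3; id')"
  notes=$(mktemp) && printf '## 1.2.3\n- constructed changelog entry\n' > "$notes"
  safe_release '1.2.3; id' "$notes"   # rejected by validate_version
  safe_release '1.2.3' "$notes"       # prints the two argv lists
  rm -f "$notes"
fi
```

With the constructed input `1.2.3; id`, render_unsafe_command yields `git flow release finish 1.2.3; id && gh release create "v1.2.3; id"`: the `;` ends the git command and `id` runs as a separate command. Passing the notes via --notes-file removes the shell-parsing step for the CHANGELOG.md content, but it does nothing for the PROMPT_INJECTION finding: the agent still reads that content, so the skill's instructions have to tell it to treat commit messages and changelog entries as data only.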
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 1, 2026, 04:50 AM