finish-release
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it executes commands derived from local repository data.\n
- Ingestion points: Phase 2 reads test commands from
package.jsonandMakefile.\n - Boundary markers: None present; the agent is not instructed to ignore malicious instructions within these files.\n
- Capability inventory: Uses
Bashto execute the identified scripts and manage the release viagitandgh.\n - Sanitization: No validation is performed on the commands retrieved from configuration files before they are passed to the shell.\n- [COMMAND_EXECUTION]: The skill performs significant repository operations including branch merging, tagging, and pushing using
git. It also creates external releases using theghtool.
Audit Metadata