start-release
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8) due to unsafe interpolation of user arguments into shell commands.
- Ingestion points: The
<version>argument provided by the user is captured in$ARGUMENTS. - Boundary markers: Absent. The skill does not instruct the agent to validate or sanitize the input before use.
- Capability inventory: The skill has access to
Bash(git:*),Read, andWritetools. - Sanitization: Absent. The instruction
git flow release start $ARGUMENTSallows for potential command chaining or argument injection (e.g., version strings containing;or--). - [COMMAND_EXECUTION] (LOW): The skill explicitly allows the execution of git-related bash commands and remote push operations.
- Evidence:
allowed-tools: Bash(git:*)and the actiongit push -u origin release/$ARGUMENTS. - Context: While this is the primary purpose of the skill, the lack of input validation for the branch name/version increases the risk of unintended repository modifications.
Audit Metadata