github-release-management
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Employs standard gh, git, and npm commands to automate the software release lifecycle, including tagging and deployment.
- [EXTERNAL_DOWNLOADS]: Dynamically executes the claude-flow tool via npx from the npm registry, which is a core component of the skill.
- [PROMPT_INJECTION]: Potential for indirect prompt injection exists in the automated changelog generation from external commit messages.
  - Ingestion points: Git commit messages and PR titles fetched from the GitHub API.
  - Boundary markers: Missing markers to distinguish between metadata and AI instructions.
  - Capability inventory: Includes the ability to write to repositories, publish packages, and run local build scripts.
  - Sanitization: No sanitization is applied to the retrieved metadata before processing.