release-skills
Fail
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: CRITICALCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes git and GitHub CLI (
gh) to perform legitimate release operations, such as viewing commit logs, tagging releases, and pushing changes to remote repositories. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from git commit logs and pull request metadata to perform its core logic.
- Ingestion points: Commit messages retrieved via
git logand pull request author information fromgh pr vieware used to generate changelog content. - Boundary markers: The skill does not implement specific delimiters or instructions to ignore embedded commands within the commit messages being processed.
- Capability inventory: The skill has the ability to write to project configuration files (e.g.,
package.json,pyproject.toml) and execute network-based commands (git push). - Sanitization: There is no evidence of sanitization or escaping of the commit messages before they are incorporated into the changelog or used to determine version bump recommendations.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata