release-skills

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using 'git' (log, tag, diff, add, commit, push) and 'gh' (pr view, repo view) to manage the release lifecycle and gather metadata from the repository environment.
  • [PROMPT_INJECTION]: The skill processes untrusted data from commit messages and existing changelog files to generate release notes, creating an indirect prompt injection surface.
    1. Ingestion points: commit logs via 'git log' and content from 'CHANGELOG*.md' files.
    2. Boundary markers: Absent; the skill does not use delimiters to isolate untrusted data.
    3. Capability inventory: Includes 'git commit', 'git push', and filesystem write access to version files and changelogs.
    4. Sanitization: Absent; the skill does not specify escaping or validation for commit messages before inclusion in prompt logic or output files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 06:06 AM