k6-docs-release
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands using git, gh (GitHub CLI), and curl. These are used to push code, manage tags, create GitHub releases, and verify package availability on the Go module proxy. These operations are consistent with the skill's primary purpose of automating a release process.
- [PROMPT_INJECTION]: The skill processes data that could serve as a vector for indirect prompt injection.
  - Ingestion points: Instructions require the agent to read AGENTS.md, history.md, and commit messages via git log.
  - Boundary markers: The skill does not define clear boundary markers or instructions to disregard potential commands found within these sources.
  - Capability inventory: The agent can perform significant actions including pushing code to a main branch, modifying repository releases, and posting announcements to Slack.
  - Sanitization: Content from these ingested sources is used to generate release notes and Slack messages without explicit sanitization or filtering logic.
Audit Metadata