release-procedures

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): Significant indirect prompt injection surface.
      - Ingestion points: Reads package.json, CHANGELOG.md, and status files from agent-output/uat/ and agent-output/qa/.
      - Boundary markers: None identified; data is processed directly into the agent context or into shell variables.
      - Capability inventory: Can execute git push, npm publish, twine upload, and gh release, all of which modify external systems.
      - Sanitization: The shell scripts apply regex validation ([0-9]+.[0-9]+.[0-9]+) to ensure version strings are well-formed before comparison, which mitigates simple command injection via version numbers but does not neutralize instructions embedded in the other processed files.
  • [COMMAND_EXECUTION] (LOW): The skill uses local shell commands for metadata extraction and environment cleanup.
      - Evidence: Uses jq and grep to parse project files. These operations are standard for the stated purpose of version verification.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 12:16 AM