version-management
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to create and make scripts executable.\n
- Evidence: The skill executes
chmod +xon generated scriptsscripts/version-manager.shandscripts/gradle-version.sh.\n - Context: These are standard operations for installing local utility scripts and are performed on files authored by the skill itself.\n- [PROMPT_INJECTION]: The version management logic is exposed to indirect prompt injection via repository tags.\n
- Ingestion points: The
get_latest_versionfunction inversion-manager.shreads external data usinggit tag -l.\n - Boundary markers: No specific delimiters or warnings are used to wrap the version data.\n
- Capability inventory: The skill can write to the filesystem (
version.properties) and set GitHub Action outputs viaGITHUB_OUTPUT.\n - Sanitization: Version strings are parsed using
IFS='.'andsed, providing structural validation but no explicit shell escaping.
Audit Metadata