Skills
skills/huangwb8/skills/git-publish-release/Gen Agent Trust Hub

git-publish-release

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the project's git history.
  • Ingestion points: The skill retrieves commit history using git log and passes this content directly to the LLM to summarize and categorize changes in SKILL.md.
  • Boundary markers: The analysis of SKILL.md reveals no explicit delimiters or instructions to the LLM to treat the commit messages as untrusted data that should not be interpreted as instructions.
  • Capability inventory: The skill has the capability to execute shell commands (git, curl, bash), read and write local files (.env, .gitignore), and perform network requests to the GitHub API.
  • Sanitization: While the skill mentions JSON escaping for the final API payload, there is no evidence of sanitization or filtering of commit messages to prevent them from containing instructions that could hijack the LLM's behavior.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 07:28 AM