release-skills
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE (flags: COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `bash` tool to execute local git commands (`git log`, `git tag`, `git diff`, `git push`) and GitHub CLI commands (`gh pr view`, `gh repo view`). These are necessary for its primary function of managing releases.
- [DATA_EXFILTRATION]: The skill is designed to push local repository changes and tags to a remote 'origin' server via `git push`. While this is expected behavior for a release tool, it involves sending local project data to an external server.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests untrusted data from the environment to influence its output.
  - Ingestion points: Reads data from `git log`, `git diff`, pull request details via `gh pr view`, and project configuration files (SKILL.md).
  - Boundary markers: The instructions do not specify boundary markers or delimiters when interpolating git history or PR descriptions into the prompt for changelog generation.
  - Capability inventory: The skill has access to `bash` for system commands and `write` for modifying local files (SKILL.md).
  - Sanitization: There is no evidence of sanitization or filtering of commit messages or PR content before they are used to generate natural language changelog entries.
Audit Metadata