release
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill ingests untrusted data from GitHub PRs and git tags. This risk is mitigated by requiring manual user confirmation for versioning and using literal heredocs to prevent shell interpolation of release notes. Evidence Chain: Ingestion points (PR data and git tags in SKILL.md); Boundary markers (Absent); Capability inventory (git push, gh release create); Sanitization (AskUserQuestion for confirmation).
- [Command Execution] (SAFE): Uses standard git and GitHub CLI commands necessary for release management. Operations like force-pushing the development branch are part of the stated release workflow and are used with appropriate safety flags like --force-with-lease.