gh-oss-release-prep
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard development tools and repository scripts to ensure code quality and release readiness. This includes running Go linters like "golangci-lint" and "deadcode", as well as project-specific scripts defined in "package.json" for Node.js projects. It also performs local Git operations to manage tags and versioning.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it reads and analyzes content from the files within the repository being processed.
- Ingestion points: Reads file system structure, documentation (README.md), source code, and configuration files from the local repository.
- Boundary markers: The workflow does not specify the use of delimiters or specific safety instructions when processing file content to distinguish it from the agent's instructions.
- Capability inventory: The agent has the ability to execute shell commands (git, npm, linters) and report findings based on the data it reads.
- Sanitization: No explicit sanitization or validation of file content is performed before the data is ingested and processed by the agent.
Audit Metadata