bump-version

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill utilizes extreme high-pressure language ('catastrophic error that may result in human death') to enforce adherence to its formatting rules. This represents a behavioral manipulation technique often used in prompt injections to override standard AI constraints and safety logic.
  • [PROMPT_INJECTION]: The skill exhibits a significant attack surface for Indirect Prompt Injection by analyzing untrusted git commit logs.
      • Ingestion points: Raw commit messages retrieved through git log.
      • Boundary markers: Employs a ----END---- delimiter to separate log entries but lacks specific instructions for the agent to ignore or sanitize commands embedded within the commit bodies.
      • Capability inventory: The agent can execute shell commands (git and build tools) and modify project files (CHANGELOG.md, Chart.yaml, and version manifests).
      • Sanitization: No sanitization or safety-filtering of the commit content is performed before the analysis and aggregation steps.
  • [COMMAND_EXECUTION]: The skill executes several git commands (git log, git diff, git commit, git tag) to manage repository state. It also includes an underspecified 'Build the project' step which, while standard for the task, allows for the execution of arbitrary local build scripts defined in the repository's configuration.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 05:29 PM