bump-version

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The instructions employ manipulative reinforcement techniques, such as claiming a formatting error is a "catastrophic error that may result in human death," to pressure the AI into strict compliance with output rules.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It retrieves commit messages from the project history and analyzes them to generate a changelog. Malicious commit messages authored by external contributors could contain hidden instructions intended to hijack the agent's behavior during the analysis phase.
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands, including git operations and generic project build commands. Building a project is a significant attack surface, as it can trigger arbitrary code execution via build hooks (e.g., npm scripts, Makefiles, or setup.py) if the repository content is untrusted.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 11:41 PM