release-skills
Warn
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to execute arbitrary shell commands defined within the .releaserc.yml configuration file via prepare_artifact and publish_artifact hooks. This allows a repository's configuration to control the agent's shell execution behavior.
- [REMOTE_CODE_EXECUTION]: By delegating tasks to hooks defined in local configuration files, the skill creates a remote code execution vector. If an attacker can influence the contents of .releaserc.yml (for example, through a Pull Request in an open-source project), they can trick the agent into running malicious code.
- [DATA_EXFILTRATION]: The skill has the capability to push data to remote Git repositories using git push. While this is a core part of the release process, it could be abused by malicious hooks to exfiltrate sensitive environment variables or local files during the release workflow.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from untrusted sources to perform its tasks:
  - Ingestion points: Reads .releaserc.yml, commit messages (git log), and changelog files (CHANGELOG*.md).
  - Boundary markers: None identified; the skill directly processes and interpolates data from these files.
  - Capability inventory: Executes git commands and arbitrary shell hooks.
  - Sanitization: No explicit sanitization of input from configuration files or commit messages is mentioned before execution or inclusion in changelogs.
Audit Metadata