gspdev-publish
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute git and gh (GitHub CLI) commands for repository management, branching, PR handling, and release creation. It also executes a local audit script dev/scripts/audit-tests.sh. These actions are consistent with the skill's primary purpose.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from git history and the changelog file.
- Ingestion points: Data enters the context via the CHANGELOG.md file and git log output.
- Boundary markers: The skill lacks explicit boundary markers or instructions to ignore potential commands embedded in commit messages or changelog entries.
- Capability inventory: The skill possesses significant capabilities, including the ability to execute shell commands, modify repository files, and interact with the GitHub API to manage releases and milestones.
- Sanitization: No sanitization or validation of external content is performed before it is processed by the agent.
Audit Metadata