release
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/get_commits.py` utilizes `subprocess.run` with `shell=True` to execute Git commands. This practice can be risky if any part of the command string is derived from untrusted input, potentially leading to shell injection.
- [PROMPT_INJECTION]: The skill implements a workflow where Git commit messages are retrieved and passed to the AI to generate a release summary. This creates a surface for indirect prompt injection, where a malicious actor could include instructions within a commit message to manipulate the AI's behavior during the summarization process.
  - Ingestion points: `scripts/get_commits.py` (via `git log`).
  - Boundary markers: None (the AI is provided with the raw commit messages without explicit delimiters or instructions to ignore embedded commands).
  - Capability inventory: Subprocess calls for Git commands (`scripts/get_commits.py`), file writing to `pubspec.yaml` (`scripts/bump_version.py`), and remote repository updates (`git push` as described in the release workflow).
  - Sanitization: None (no escaping, validation, or filtering of commit message content is performed before processing).
Audit Metadata