release
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill ingests untrusted data from CHANGELOG.md to generate GitHub release notes and possesses the capability to modify source code and push directly to the main branch. This creates a risk where a compromised changelog could influence release metadata or facilitate the publication of malicious code.
- Command Execution (LOW): The skill executes local commands for linting, testing, and version control (ruff, pytest, git, gh). While legitimate, this represents a significant local command execution surface.
- Metadata Poisoning (LOW): The skill relies on specific string formats in init.py and CHANGELOG.md. Manipulation of these files could lead to versioning inconsistencies or broken release pipelines.