release-automation
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various shell commands including `sed`, `git`, `gh` (GitHub CLI), and the Gradle wrapper `./gradlew`. These commands are used to programmatically update version files, commit changes to the 'develop' branch, and interact with GitHub's PR and Workflow APIs.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from GitHub pull request titles and bodies.
- Ingestion points: The skill reads external PR metadata through `gh pr list` commands in `SKILL.md` to determine formatting conventions.
- Boundary markers: Absent. There are no instructions to isolate or treat data from external PRs as untrusted before using it to generate new PR content.
- Capability inventory: The agent can execute arbitrary shell commands via the described flow, including `git push` and `gh workflow run`.
- Sanitization: No sanitization or escaping of the fetched PR titles or bodies is performed before interpolating them into subsequent commands.
Audit Metadata