Skills
skills/kentoshimizu/sw-agent-skills/github-release-management/Gen Agent Trust Hub

github-release-management

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/draft_release_notes.py executes the git binary to retrieve repository information.
  • Evidence: The run_git function uses subprocess.run to execute commands starting with git (e.g., git log).
  • Context: This is a legitimate requirement for the skill's stated purpose of release management. The implementation uses a list of arguments rather than a shell string, which follows security best practices for preventing command injection.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it processes untrusted commit messages from the repository history and includes them in its output.
  • Ingestion points: scripts/draft_release_notes.py ingests commit subjects and author names from the output of git log.
  • Boundary markers: The script does not utilize delimiters or specific instructions to the agent to ignore any potential commands embedded within the commit messages.
  • Capability inventory: The skill has the capability to execute local commands via subprocess.run and write files to the disk via the --out parameter.
  • Sanitization: There is no evidence of sanitization or filtering of the commit content before it is rendered into the release notes markdown template.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 08:38 PM