release
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs automated Git operations and uses the GitHub CLI to manage tags and create releases. It also executes a local verification script 'bash scripts/verify-utility-sync.sh' to ensure project consistency.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes external commit history. Evidence: 1. Ingestion points: Untrusted commit messages are read via 'git log'. 2. Boundary markers: No delimiters are used to separate commit data from instructions. 3. Capability inventory: The skill has command execution capabilities (Git, GitHub CLI, Bash). 4. Sanitization: No validation or filtering is applied to the commit data before it is used to generate release notes.
Audit Metadata