configure-release-please

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches the latest version tag of release-please-action from GitHub's official API (api.github.com). This is a well-known service and the operation is used to ensure the project uses the most recent version of the action.
  • [COMMAND_EXECUTION]: Uses standard CLI tools like find, curl, and jq to inspect the file system and process JSON data from trusted sources. These operations are restricted to the local project directory and official GitHub APIs.
  • [PROMPT_INJECTION]: The skill processes data from local project files, creating an indirect prompt injection surface.
    • Ingestion points: Reads package.json, pyproject.toml, Cargo.toml, go.mod, release-please-config.json, and .release-please-manifest.json from the project root.
    • Boundary markers: None explicitly defined for prompt interpolation.
    • Capability inventory: Includes Bash (via find, curl, jq), Write, and Edit tools.
    • Sanitization: Uses jq to validate JSON structure before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 12:58 PM