release-please-protection
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected in this skill. All analyzed components align with its stated purpose of protecting release automation workflows.
- [COMMAND_EXECUTION]: The skill mentions shell commands in its documentation (e.g., git, vim, mv) only as examples or instructions for the user to follow manually. It does not include scripts or tools that automatically execute arbitrary or dangerous commands.
- [DATA_EXFILTRATION]: The skill uses safe, read-only tools (Read, Grep, Glob) and does not perform any network operations beyond referencing official documentation for well-known services (GitHub, Conventional Commits, Semantic Versioning).
- [CREDENTIALS_UNSAFE]: No hardcoded credentials, API keys, or sensitive secrets were found. Instructions regarding configuration files (e.g., settings.json) are provided for user management purposes and do not involve harvesting sensitive data.
- [PROMPT_INJECTION]: The instructions are clearly defined and do not contain attempts to override agent safety guidelines, bypass system constraints, or extract system prompts.
Audit Metadata