release
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to manage the release lifecycle, including
uv sync -U,/verify-counts,just check, and severalgitcommands (log, describe, checkout, pull, tag, push). - [EXTERNAL_DOWNLOADS]: The
uv sync -Ucommand updates project dependencies by connecting to external Python package registries. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing untrusted data from git commit messages. * Ingestion points: Git commit history is ingested via
git log $(git describe --tags --abbrev=0)..HEAD --onelineas specified inSKILL.md. * Boundary markers: No delimiters or protective instructions are provided to the model to ignore potential instructions embedded in commit messages. * Capability inventory: The skill has the capability to modify project files (pyproject.toml), update dependencies, and execute remote git operations like pushing tags and deleting branches. * Sanitization: No sanitization or filtering logic is applied to the git log output before it is processed by the model for changelog generation.
Audit Metadata