version-release
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard git, gh (GitHub CLI), and bun commands to perform repository management tasks such as switching branches, pulling updates, pushing code, and creating pull requests. These actions are consistent with the skill's intended purpose of managing version releases and are performed using the local environment's established credentials.
- [INDIRECT_PROMPT_INJECTION]: The skill includes instructions to read untrusted data from git logs and diffs to generate changelogs.
  1. Ingestion points: git log main..canary --oneline and git diff main...canary --stat (found in SKILL.md).
  2. Boundary markers: Absent.
  3. Capability inventory: Repository write access via git push and gh pr create.
  4. Sanitization: Instructions guide the agent to summarize and categorize the information into a specific format, reducing the risk of executing embedded instructions within commit messages.
Audit Metadata