Skills
skills/luongnv89/skills/release-manager/Gen Agent Trust Hub

release-manager

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the environment to generate release notes.
  • Ingestion points: The skill reads external data from git log, gh pr list, and gh issue list to categorize changes.
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore potentially malicious instructions embedded in commit messages or PR titles.
  • Capability inventory: The skill can execute shell commands (git, npm, pip, gh), perform file writes, and push code/packages to remote registries.
  • Sanitization: No sanitization or filtering is performed on the ingested text before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill automatically detects and executes build scripts defined within the repository's configuration files (e.g., npm run build in package.json, make build in Makefile, cargo build in Cargo.toml). This allows for the execution of arbitrary commands defined in the project being released.
  • [EXTERNAL_DOWNLOADS]: The skill executes pip install --upgrade build twine to ensure build tools are present. These packages are sourced from the official PyPI registry, which is a well-known and trusted service.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 06:03 PM