release
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local commands and scripts to perform release tasks. Specifically, it calls a project-specific script `./scripts/bump-version.sh` to update project metadata. It also utilizes `git` for branching, committing, tagging, and pushing, and the GitHub CLI (`gh`) to view pull requests/issues, create/merge PRs, and monitor CI runs.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external GitHub resources to build changelogs.
  - Ingestion points: The skill fetches author information and PR/issue data using `gh pr view` and `gh issue view` commands.
  - Boundary markers: No specific delimiters or instructions are provided to the agent to isolate or ignore potentially malicious content within the fetched data.
  - Capability inventory: The agent has the authority to perform high-impact actions, such as committing code, pushing tags, and merging pull requests, based on its interpretation of the processed data.
  - Sanitization: There is no evidence of sanitization or validation of the data retrieved from GitHub before it is incorporated into generated markdown files or PR descriptions.