release
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface detected.
- Ingestion points: The skill reads configuration data and metadata from
Cargo.toml,package.json, and commit history viagit log. - Boundary markers: No explicit delimiters or safety instructions are defined to prevent the agent from executing instructions potentially embedded within these processed files or logs.
- Capability inventory: The skill allows the use of high-privilege tools including
Bash,Edit, andWrite, which can modify the repository and trigger external CI/CD workflows. - Sanitization: Data extracted from local files is interpolated directly into shell commands (e.g., version strings in git commit messages) without validation or escaping.
- [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to perform repository management and trigger release actions. - Evidence: Automates workflows using standard CLI tools such as
git,grep, and the GitHub CLI (gh). - Context: The execution of these commands is necessary and expected for the skill's primary function of release automation within the monorepo.
Audit Metadata