git-release
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection when analyzing commit history to determine version bumps.
  - Ingestion points: Commit messages are ingested from the local repository using `git log` and passed to a parallel AI agent for classification in Phase 2.
  - Boundary markers: The instructions for the classification agent lack delimiters (such as XML tags or triple backticks) to separate instructions from the untrusted commit data, and do not include warnings to ignore instructions embedded in the data.
  - Capability inventory: The skill has broad capabilities including modifying local version files (e.g., package.json, pyproject.toml), writing to CHANGELOG.md, and performing remote operations via `git push` and `gh release create`.
  - Sanitization: There is no evidence of sanitization or filtering of commit bodies before they are processed by the LLM, allowing a malicious commit message to potentially influence the agent's logic.
- [COMMAND_EXECUTION]: The skill relies on executing various shell commands to manage the git lifecycle and GitHub integration.
  - Evidence: Uses `git` for history traversal, tagging, and pushing, and `gh` CLI for creating platform-specific releases. While these are legitimate functions for a release tool, they constitute a high-privilege capability set triggered by external data.
Audit Metadata