release
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to manage the release process, including git, npm, gh, and awk. These commands are standard for software development and are used within the documented scope.
- [DATA_EXFILTRATION]: Performs network operations to push code to GitHub and publish packages to registries like npm or PyPI. These actions are the primary purpose of the skill and are performed with user confirmation.
- [PROMPT_INJECTION]: The skill processes untrusted data from commit messages and changelog files to generate release notes. 1. Ingestion points: git log and CHANGELOG.md; 2. Boundary markers: Absent; 3. Capability inventory: git push, gh release create, and package publishing; 4. Sanitization: Absent, relies on user confirmation.
Audit Metadata