github-release-management

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): Critical vulnerability surface detected. Evidence:
      1. Ingestion points: GitHub repository data (PRs, commits, issues).
      2. Boundary markers: Absent (no code provided).
      3. Capability inventory: Automated deployment, versioning, and rollback management.
      4. Sanitization: Absent (no code provided).
    An attacker could embed instructions in a PR description to hijack the deployment process.
  • Command Execution (HIGH): The description mentions 'automated versioning, testing, [and] deployment', which necessitates high-privilege command execution. Without the skill source code, input validation and command injection safeguards cannot be verified.
  • No Code Provided (LOW): Only metadata was provided; the functional SKILL.md is missing, which prevents a full code-level audit of scripts and logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 07:16 AM