release-notes
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands like git and gh (GitHub CLI) to retrieve repository history and manage releases. These commands are necessary for the skill's primary function.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing external data without sanitization. (1) Ingestion points: Reads commit messages, PR titles, and issue summaries from the repository history. (2) Boundary markers: No delimiters or instructions are used to distinguish repository content from agent instructions. (3) Capability inventory: The agent has the ability to execute shell commands, write files to the project root, and create GitHub releases. (4) Sanitization: No input validation or content filtering is performed on data retrieved from external git/GitHub sources.
Audit Metadata