prepare-release
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands, including git push, python3, and the custom CLI tools gemini and codex. The python3 command uses a heredoc to execute a script that is explicitly stated to be sourced from an external file (CLAUDE.md).
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface. Git commit logs and diff outputs are interpolated directly into command-line arguments for the LLM-powered tools (gemini and codex) without sanitization or boundary markers. A malicious contributor could craft commit messages designed to manipulate the changelog generation or the release-type classification logic.
Audit Metadata