github-release
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the git and gh command-line interfaces to perform repository management, version tagging, and release status checks. These operations are essential for its purpose and are mediated by safety scripts.
- [REMOTE_CODE_EXECUTION]: The skill includes several local shell and Python scripts (detect-ecosystem.sh, validate-pre-release.sh, suggest-version.sh, guard-gh-release.py) that are executed to analyze the project environment and enforce release safety rules.
- [EXTERNAL_DOWNLOADS]: The skill references and provides templates for well-known and established GitHub Actions, such as Anchore's SBOM action, the Sigstore Cosign installer, and Softprops' gh-release action. It also integrates with the author's official reusable workflows for TYPO3 projects.
- [DATA_EXFILTRATION]: The skill reads local configuration files (e.g., composer.json, package.json, ext_emconf.php) to extract version metadata. This information is processed locally to suggest version bumps and verify synchronization across the project, without sending it to external services.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from the local filesystem, such as commit messages and CHANGELOG entries, to suggest version numbers. The risk of malicious data influencing agent behavior is mitigated by using dedicated regex-based utility scripts for extraction rather than direct prompt interpolation.
Audit Metadata