final-release-review

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • Command Execution: The skill executes local git commands and a provided bash script to automate the retrieval of release tags and repository metadata. These actions are standard for auditing software releases.
  • External Network Interaction: It synchronizes with remote sources using git fetch to ensure it has the latest commit history and tags. It also generates links to official repository diffs on GitHub for reviewer context.
  • Indirect Prompt Injection Surface: The skill processes external data such as git commit messages and code diffs which could potentially contain adversarial instructions.
      • Ingestion points: The agent ingests data from git diff and git log outputs to perform its audit.
      • Boundary markers: No explicit delimiters or instructions are used to separate ingested git data from the agent's primary directives.
      • Capability inventory: The skill executes local shell scripts and git commands to process repository information.
      • Sanitization: There is no evidence of sanitization or validation performed on commit messages or diff content before they are evaluated by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 20, 2026, 05:21 AM