release
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple local shell scripts (e.g.,
./scripts/release-start.sh,./scripts/release.sh,./scripts/docker-onboard-smoke.sh) to perform builds, tests, and deployment tasks. These operations are core to the skill's purpose as a release coordinator. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing external data from git history. (1) Ingestion points: Git commit messages and file diffs are read using
git logandgit diffinSKILL.md(Step 1). (2) Boundary markers: Absent; the skill does not use specific delimiters to isolate git log data from its own instructions. (3) Capability inventory: Subprocess execution of local shell scripts, git push operations, and npm package publishing. (4) Sanitization: No evidence of sanitization or filtering for the data ingested from git history.
Audit Metadata