release
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, NO_CODE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The workflow describes the execution of standard software development tools including 'npm audit' and 'pip audit'. These operations are consistent with the skill's primary purpose of release preparation and are orchestrated as tasks for sub-agents rather than direct script execution within the skill.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its interaction with untrusted repository data.
  - Ingestion points: Git commit history (git logs) and repository source code files are processed by the 'aegis' and 'review-agent' sub-agents.
  - Boundary markers: The task prompts lack explicit delimiters or instructions to ignore embedded commands within the processed data.
  - Capability inventory: Sub-agents possess the capability to perform file writes (version bumping) and execute shell commands (E2E test suites).
  - Sanitization: No sanitization or validation logic is defined to prevent malicious instructions in commit messages or code comments from influencing agent behavior.
- [NO_CODE] (SAFE): The skill consists entirely of a markdown configuration file and does not include any accompanying Python scripts, Node.js packages, or binary executables, significantly reducing its direct attack surface.