jaan-release
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes several local shell scripts (e.g., '.claude/scripts/validate-compliance.sh', 'scripts/validate-security.sh') and standard CLI utilities ('git', 'gh', 'jq') to automate the release workflow.
- [EXTERNAL_DOWNLOADS]: Runs 'npm ci' within the 'website/docs' directory to fetch and install project dependencies from the well-known npm registry.
- [DATA_EXFILTRATION]: Interacts with GitHub via 'git push' and 'gh pr create' to manage branches and pull requests for the vendor-owned repository ('parhumm/jaan-to'). These interactions target a well-known service and are necessary for the skill's primary functionality.
- [PROMPT_INJECTION]: Ingests and processes potentially untrusted data from git history and changelogs to generate release content. The skill mitigates Indirect Prompt Injection risks through the implementation of four mandatory 'HARD STOP' human approval gates.
  1. Ingestion points: Reads git commit history, 'CHANGELOG.md', and 'roadmap.md' to automate release notes generation.
  2. Boundary markers: Relies on explicit confirmation prompts and manual review gates rather than technical delimiters.
  3. Capability inventory: Uses git and GitHub CLI tools, and executes local scripts and npm build commands.
  4. Sanitization: Utilizes local security validation scripts to audit repository state before performing any modifications.