Skills
skills/paulrberg/dot-agents/bump-release/Gen Agent Trust Hub

bump-release

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the command just full-write if a justfile is detected in the repository to format the changelog and package files.
  • [COMMAND_EXECUTION]: The skill performs several git operations, including git status, git commit, and git tag, to facilitate the release process.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection from processed repository data.
  • Ingestion points: Data is ingested from package.json, CHANGELOG.md, and git diff outputs.
  • Boundary markers: The instructions lack delimiters or specific warnings for the agent to ignore instructions embedded in the project's git history or files.
  • Capability inventory: The skill has the ability to execute shell commands (git, just) and modify local files.
  • Sanitization: The skill applies a scope filter based on the files field in package.json to limit data ingestion, but it does not perform content-level sanitization on commit messages.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 01:32 AM