paw-tools-release
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes system commands using git and the GitHub CLI (gh) to automate tagging, committing, and pushing release artifacts.
- [COMMAND_EXECUTION]: Included Python scripts (parse_commits.py and detect_version_files.py) use subprocess.run with arguments passed as a list, which effectively prevents shell injection vulnerabilities.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill accesses local project files such as package.json, Cargo.toml, and pyproject.toml to read and update version information. This access is restricted to the project root and is necessary for its stated purpose.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests git commit messages, which are external untrusted data, to generate changelogs. 1. Ingestion point: git log command output in references/03-changelog.md. 2. Boundary markers: No explicit delimiters are used for the LLM processing step. 3. Capability inventory: File system writes to CHANGELOG.md and version files, git push operations, and GitHub release creation. 4. Sanitization: The scripts/parse_commits.py script uses regex to validate and extract structured data from commit messages, and the release command in references/04-release.md uses quoted heredocs (<< 'EOF') to prevent shell expansion of the injected content.
Audit Metadata