rls
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted repository data that could contain malicious instructions. 1. Ingestion points: The agent retrieves commit messages and diffs via git log, tnctl rls diff, and tnctl rls note (SKILL.md). 2. Boundary markers: There are no specific delimiters or ignore instructions used to isolate this untrusted text from the agent's execution context. 3. Capability inventory: The skill has significant capabilities, including the ability to push changes to remote repositories via git push* (SKILL.md). 4. Sanitization: No sanitization or filtering of the commit data is performed before it is processed by the AI.
- [COMMAND_EXECUTION]: The tool permissions utilize broad wildcards, specifically Bash(git checkout*), Bash(git cherry-pick*), and Bash(git push*). These allow the agent to manipulate any branch or push to any remote, which could be exploited if the agent is influenced by malicious input.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the tnctl CLI tool via pip install as a prerequisite. While this is expected for the skill's functionality, it introduces an external dependency that must be managed and verified by the user.
Audit Metadata