create-release-checklist

Warn

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): Potential shell injection vulnerability in Step 5 of the workflow. The instructions direct the agent to extract the Package: and Version: fields from a local DESCRIPTION file and interpolate them into the --title argument of a gh issue create command. If the project file is maliciously crafted to include shell metacharacters (e.g., backticks, command substitution, or unclosed quotes) and the agent does not perform strict sanitization, this could lead to arbitrary command execution on the user's system.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface by ingesting untrusted data from local repository files (DESCRIPTION and NEWS.md).
    • Ingestion points: DESCRIPTION and NEWS.md files read via the Read tool.
    • Boundary markers: None. The agent is not instructed to treat the file content as untrusted or delimited.
    • Capability inventory: The agent has access to Bash, which it uses to run Rscript and gh CLI commands.
    • Sanitization: No sanitization or validation steps are defined before the extracted data is used in shell commands.
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill references standard, reputable development tools including the usethis R package (a staple of R development) and the official GitHub CLI (gh). These are considered trustworthy sources for the intended use case.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 20, 2026, 06:05 PM