release-skills

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: Uses git and gh (GitHub CLI) shell commands to identify tags, log changes, commit version updates, and push to remote repositories.
  • [PROMPT_INJECTION]: Susceptible to indirect prompt injection via the consumption of git commit logs, which are external, untrusted strings.
      1. Ingestion points: Reads commit messages via git log and PR details via gh pr view in SKILL.md steps 2, 4, and 5.
      2. Boundary markers: No clear delimiters or safety instructions are provided to the agent to ignore potentially malicious instructions embedded in commit messages.
      3. Capability inventory: The agent has permissions to perform file writes (version and changelog files), git commits, and git push operations as described in steps 6, 7, and 9.
      4. Sanitization: No evidence of sanitization or filtering of commit message content before it is processed for changelog generation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 1, 2026, 01:05 AM