qe-github-release-management
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill relies on the external package 'claude-flow', which is downloaded and executed at runtime via 'npx'.
  - Evidence: Multiple occurrences of 'npx claude-flow' and 'npx claude-flow@alpha' throughout SKILL.md for release management, changelog generation, and swarm initialization.
- [COMMAND_EXECUTION]: The skill frequently executes shell commands to interact with the GitHub CLI (gh), git, and npm.
  - Evidence: Use of the 'Bash' tool to run 'gh api', 'gh release', 'npm version', and 'git checkout'.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted external data that is then processed by AI agents.
  - Ingestion points: Git commit messages and Pull Request titles/labels/bodies fetched via 'gh api' and 'gh pr list' in SKILL.md.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present when passing this data to the 'claude-flow' tool.
  - Capability inventory: The skill possesses significant capabilities including file writing ('Write'), arbitrary shell command execution ('Bash'), and the ability to spawn further agents ('mcp__claude-flow__agent_spawn').
  - Sanitization: No visible evidence of escaping or validating the content of commits or PR descriptions before they are used to generate changelogs or influence release logic.
Audit Metadata