claw-release
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the execution of system binaries (bash, git, jq, gh) and a local script (./scripts/release-skill.sh) to automate the release process.
- [DATA_EXFILTRATION]: The workflow involves pushing commits and tags to remote GitHub repositories and creating releases, which is the expected primary purpose of a release management tool.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from other skill files to automate metadata updates, creating a surface for indirect instruction processing.
- Ingestion points: Reads version information and metadata from skill.json and SKILL.md files.
- Boundary markers: No explicit delimiters are used to wrap data ingested from external files.
- Capability inventory: Possesses the ability to perform git operations (commit, tag, push) and create GitHub releases via CLI.
- Sanitization: Content is parsed for versioning but no explicit sanitization or validation of the ingested strings is described.
Audit Metadata