release-publishing

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill documentation includes examples of executing shell commands such as bun, npm, gh, git, and turbo. These commands are used to build project artifacts, manage version tags, and publish packages to registries. This is a standard capability for release automation and is used here in its intended context.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data from external files that could be influenced by a third party.
      • Ingestion points: The workflow processes files from the .changeset/ directory and the CHANGELOG.md file during version bumping and release note generation.
      • Boundary markers: No explicit markers or instructions are provided to the agent to treat the contents of these files as data rather than instructions.
      • Capability inventory: The agent possesses the ability to execute shell commands and modify the local filesystem, which could be leveraged if malicious instructions were successfully injected into the processed files.
      • Sanitization: The skill does not define any sanitization or validation logic for the content read from changesets or changelogs before it is used in automation steps.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 1, 2026, 03:28 PM