skills/roboco-io/hwp2md/release/Gen Agent Trust Hub

release

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Potential for Indirect Prompt Injection via git metadata.
      • Ingestion points: The skill processes untrusted data from git log and git describe --tags as shown in the release process steps in SKILL.md.
      • Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between commit messages and operational instructions.
      • Capability inventory: The skill utilizes the Bash tool to perform git push, git tag, and goreleaser operations, and the Write tool to modify files.
      • Sanitization: There is no evidence of sanitization or filtering of the commit messages before they are processed for release notes generation.
  • [COMMAND_EXECUTION] (SAFE): The skill uses Bash to execute standard development commands such as git, make, and goreleaser. These operations are consistent with the skill's stated purpose of release automation and do not show signs of malicious intent or obfuscation.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 22, 2026, 05:46 PM