desktop-release
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to automate git workflows, including branching, committing, and pushing changes. It also executes a project-specific script (
pnpm bump). These operations are essential for the release process and are scoped to the local repository. - [PROMPT_INJECTION]: The skill ingests untrusted data from git commit logs and the
changelog/next.mdfile. This data is processed by the agent to categorize changes, which introduces a surface for indirect prompt injection if commit messages contain malicious instructions. - Ingestion points: Git log output and
apps/desktop/changelog/next.mdfile contents. - Boundary markers: No specific delimiters are implemented to separate external data from the agent's internal instructions.
- Capability inventory: The skill allows file writing, git repository modifications, and execution of the local
pnpm bumpcommand. - Sanitization: There is no evidence of sanitization or filtering for the commit messages before they are presented for categorization.
Audit Metadata