github-release-management
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs extensive command-line operations using 'gh', 'git', and 'npm' for versioning, building, and publishing.
- [EXTERNAL_DOWNLOADS]: Orchestrates the execution of external tools via 'npx', specifically targeting the 'claude-flow' package suite. These are vendor-provided resources and part of the core functionality.
- [PROMPT_INJECTION]: A surface for indirect prompt injection exists due to the processing of untrusted external content.
- Ingestion points: The skill ingests Git commit messages and Pull Request titles/labels fetched through the GitHub API (SKILL.md, lines 80-84 and 417-428).
- Boundary markers: No explicit delimiters or boundary markers were identified to separate untrusted data from agent instructions.
- Capability inventory: The skill possesses significant capabilities including shell command execution (Bash), file system writes, and package deployment.
- Sanitization: There is no evidence of sanitization, validation, or escaping of commit messages or PR metadata before they are incorporated into generated release documentation.
Audit Metadata