github-release-management
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of system commands through the Bash() function and GitHub CLI (gh) to perform actions such as creating releases, managing branches, and handling deployments.
- [EXTERNAL_DOWNLOADS]: It leverages npx to dynamically fetch and execute the claude-flow toolset and other related packages. These resources are associated with the skill's author and represent intended orchestration functionality.
- [PROMPT_INJECTION]: The skill ingests commit messages and pull request titles from repository history to generate automated changelogs. This ingestion of untrusted data into an AI-driven process constitutes an indirect prompt injection surface.
- Ingestion points: Data enters via GitHub API queries for commit messages and PR metadata (e.g., gh api repos/:owner/:repo$compare/...).
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the snippets that pass this data to the changelog generator.
- Capability inventory: The skill has the ability to execute shell commands (Bash), write files (Write), and execute node packages (npx).
- Sanitization: There is no evidence of filtering or sanitization of the commit/PR text before it is processed by the AI orchestration tool.
Audit Metadata