github-release-management
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill extensively uses the shell to execute `gh` (GitHub CLI), `npm`, and `git` commands for managing releases, performing builds, and handling deployments.
- [EXTERNAL_DOWNLOADS]: Downloads and executes the `claude-flow` package from the NPM registry using `npx`. This is part of the vendor's intended functionality for swarm orchestration.
- [REMOTE_CODE_EXECUTION]: Utilizes `npx` to run `claude-flow` and `claude-flow@alpha`, which are vendor-specific tools used to perform the core release automation logic.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its data processing workflows.
  - Ingestion points: Data enters the system from external commit messages and Pull Request titles/labels via `gh api` and `gh pr list` commands.
  - Boundary markers: The skill does not define explicit delimiters (e.g., XML tags or triple quotes) to separate untrusted commit/PR data from agent instructions.
  - Capability inventory: Agents have access to high-privilege capabilities including `Bash` execution, file system modifications (`Write`), and GitHub repository management via API.
  - Sanitization: The provided documentation does not show any sanitization or validation logic to filter potentially malicious instructions embedded in commit history or PR descriptions.