Release
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill orchestrates the use of several development tools including
deno,jj,git,svbump, andchangelog. These tools are used for standard release tasks such as linting, testing, updating version files, and managing repository bookmarks/tags within the local development environment. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing commit history which may contain untrusted content.
- Ingestion points: Commit messages are retrieved via
jj login Step 1. - Boundary markers: There are no explicit delimiters or instruction-ignore warnings applied when the agent processes the commit logs.
- Capability inventory: The skill possesses the capability to perform file system writes, commit changes to the repository, and push those changes to a remote server.
- Sanitization: The workflow incorporates a mandatory human-in-the-loop verification step in Step 3, requiring the user to review the unreleased changelog entries. This manual check serves as a primary defense against malicious instructions that might be embedded in commit messages from influencing the final release output.
Audit Metadata