org-releases
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE COMMAND_EXECUTION REMOTE_CODE_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a specific local shell script at `~/.claude/scripts/org-releases.sh` to collect repository status.
- [COMMAND_EXECUTION]: Executes `R CMD check` for R packages and test suites for Julia packages, which involves running language-specific commands.
- [REMOTE_CODE_EXECUTION]: Running tests on repositories is an inherent part of the release process but allows for the execution of arbitrary code contained within those repositories' test files.
- [PROMPT_INJECTION]: The skill includes instructions to 'automatically exit' and 'spawn a team', which are control-flow instructions that direct the agent's high-level behavior.
- [PROMPT_INJECTION]: Indirect Prompt Injection risk:
  - Ingestion points: Processes repository data from `/tmp/org-releases.json` and parses commit messages from Git history.
  - Boundary markers: No delimiters or safety instructions are used when processing external commit messages or repository metadata.
  - Capability inventory: Access to shell scripts, Git, GitHub CLI (`gh`), and language-specific build tools.
  - Sanitization: No sanitization or validation of external commit messages is performed before they are used to update documentation or generate reports.
Audit Metadata