release
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes multiple shell commands to manage the software release lifecycle, including 'git', 'just', 'gh', and 'brew'.
- [EXTERNAL_DOWNLOADS]: Utilizes 'npx' to fetch and run 'vitepress' and 'wrangler' for building and deploying documentation. It also uses 'brew' to update the local installation of the software. These resources originate from well-known technology providers and registries.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from the repository's git history.
- Ingestion points: Git commit messages are read via 'git log' in Step 2, and file changes are read via 'git diff' in Step 4.
- Boundary markers: No delimiters or safety instructions are present to separate the repository data from the agent's core instructions.
- Capability inventory: The skill possesses extensive capabilities, including command execution, remote repository updates, and external deployment.
- Sanitization: Git history and diff outputs are not sanitized or validated before being processed by the agent.
Audit Metadata