prepare-release

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
[COMMAND_EXECUTION] [EXTERNAL_DOWNLOADS] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes git commands (fetch, diff, show, log) and uses the jq utility to manage version numbers and extract metadata from project configuration files.
  • [EXTERNAL_DOWNLOADS]: It performs a git fetch origin main operation to synchronize version data with the remote repository, which is a standard procedure for release management.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing untrusted commit logs into project markdown files.
      • Ingestion points: Git commit history retrieved via git log (SKILL.md)
      • Boundary markers: Absent; the skill does not use delimiters to wrap or isolate external content within documentation templates.
      • Capability inventory: The skill performs file-write operations to CHANGELOG.md, root README.md, and various plugin configuration files (SKILL.md).
      • Sanitization: Absent; commit messages are interpolated directly into markdown files without validation or escaping.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 04:38 PM