Skills
skills/tenzir/skills/tenzir-ship/Gen Agent Trust Hub

tenzir-ship

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local utility script scripts/detect-change-scope.sh to determine which files have changed in the Git repository.
  • [COMMAND_EXECUTION]: It uses the GitHub CLI (gh) within the references/create-remote-release.md instructions to interact with repository workflows and manage releases.
  • [EXTERNAL_DOWNLOADS]: The skill uses uvx to download and execute the tenzir-ship tool from the Python package registry at runtime.
  • [PROMPT_INJECTION]: The skill processes file content from the local repository (unreleased changelog entries) to draft release metadata, creating an indirect prompt injection surface.
  • Ingestion points: Reads unreleased entry files from the repository's changelog directory.
  • Boundary markers: No explicit markers are used to delimit external data from agent instructions.
  • Capability inventory: Includes access to git, gh, and local file execution.
  • Sanitization: No specific sanitization or validation of the ingested changelog content is described.
Audit Metadata
Risk Level
SAFE
Analyzed
May 4, 2026, 08:25 AM