semantic-release
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from the git repository to generate documentation.
- Ingestion points: The
scripts/generate-doc-notes.mjsscript extracts commit messages usinggit logand parses markdown files for H1 headers to build release notes. - Boundary markers: No specific delimiters or boundary instructions are implemented to prevent the AI from interpreting content within commit messages or file titles as instructions.
- Capability inventory: The skill possesses the capability to write to the local filesystem (updating
CHANGELOG.md) and interact with the GitHub API (creating releases and tags) via thesemantic-releasetoolchain. - Sanitization: The extracted strings from commit history and file headers are not sanitized before being included in the generated release notes.
- [COMMAND_EXECUTION]: The skill relies on shell command execution for project initialization and release workflows.
- Evidence: Scripts such as
scripts/init-project.mjs,scripts/init_project.sh, andscripts/generate-doc-notes.mjsuseexecSyncorBun.spawnto execute git, npm, and other system commands. - Context: These operations are standard for the tool's purpose, constructing commands from local state and environment variables to manage versioning and dependencies.
Audit Metadata