Skills
skills/tobi/qmd/release/Gen Agent Trust Hub

release

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple local shell scripts (e.g., scripts/release.sh, scripts/install-hooks.sh) to perform versioning and release operations.
  • [COMMAND_EXECUTION]: It installs a local git pre-push hook by creating a symlink in the .git/hooks/ directory and applying chmod +x to the source script.
  • [COMMAND_EXECUTION]: Interacts with remote repositories and CI services through network-enabled commands such as git push and the GitHub CLI (gh).
  • [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection through data ingestion. 1. Ingestion points: SKILL.md process reads CHANGELOG.md and commit history via scripts/release-context.sh. 2. Boundary markers: Absent: No delimiters or ignore instructions are used when processing external text. 3. Capability inventory: Subprocess calls (git, gh) and file-write operations. 4. Sanitization: Absent: No sanitization of the changelog or commit message content is performed.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 6, 2026, 10:25 AM