release
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill executes multiple local shell scripts (e.g., release.sh, install-hooks.sh) that perform critical filesystem and git operations.
- [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection (Category 8). The agent processes untrusted data from git commits and CHANGELOG.md to generate release summaries. Evidence: 1. Ingestion points: git commit history and changelog files via release-context.sh; 2. Boundary markers: Absent; 3. Capability inventory: git push, gh CLI, and arbitrary script execution; 4. Sanitization: Absent. Malicious instructions in commit messages could hijack the agent's workflow.
- [COMMAND_EXECUTION] (HIGH): The install-hooks.sh script modifies the .git/hooks directory to install a pre-push hook, establishing a persistence mechanism where local scripts are executed automatically on every push action.
- [DATA_EXFILTRATION] (MEDIUM): Employs git push and GitHub CLI (gh) to transmit data to remote origins, which could be abused to exfiltrate repository metadata or source code.
- [COMMAND_EXECUTION] (MEDIUM): Performs chmod +x on repository scripts to ensure executability, which is a privilege modification step.
Recommendations
- AI detected serious security threats
Audit Metadata