release
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard development commands including 'npm run test' for quality assurance and 'git' for version control operations (add, commit, tag). These operations are restricted to the local environment and are consistent with the skill's primary purpose of orchestrating a release process.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from 'CHANGELOG.md' and recent git commit messages to generate summaries.
- Ingestion points: Reads local 'CHANGELOG.md' and git commit history.
- Boundary markers: None explicitly defined for the external data.
- Capability inventory: Executes shell commands via 'npm' and 'git'.
- Sanitization: No explicit sanitization of commit messages before processing by the 'technical-writer' agent. While untrusted data from commit messages could theoretically influence the writer agent, the risk is considered low in the context of a release workflow.
Audit Metadata