ship
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses explicit directives to override standard agent interactive behavior and safety checks. It instructs the agent to be "non-interactive, fully automated," specifically command the agent to "Do NOT ask for confirmation at any step" and "Run straight through." This removes the human-in-the-loop safety barrier for sensitive operations.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from
git diffand repository files without utilizing boundary markers or delimiters. Instructions hidden within the source code or commit messages being processed could potentially influence the agent's Pre-Landing Review results or subsequent workflow logic. - [COMMAND_EXECUTION]: The skill executes a wide range of shell commands to automate the release process. This includes
gitoperations for merging, committing, and pushing code, as well as running local test suites (bin/test-lane,npm run test) and using the GitHub CLI (gh pr create). These commands are executed automatically based on the results of previous steps and automated decision-making logic.
Audit Metadata