Skills
skills/vamseeachanta/workspace-hub/github-release-manager/Gen Agent Trust Hub

github-release-manager

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill utilizes shell commands and the GitHub CLI (gh) to manage repositories. While these are powerful capabilities allowing for file modification and repository state changes, they are consistent with the skill's stated purpose of release management.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill executes npm install, which downloads third-party packages from the npm registry. This is a standard part of the Node.js build process but introduces a dependency on external code that is not verified by the skill itself.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection through repository data.
  • Ingestion points: Commit messages are retrieved via gh api and written to a changelog file.
  • Boundary markers: Absent; the skill does not use delimiters to separate untrusted commit data from instructions.
  • Capability inventory: Includes shell execution (Bash calls) and GitHub repository write access.
  • Sanitization: Absent; commit messages are used directly in shell command arguments and documentation generation without filtering.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 20, 2026, 03:59 PM