github-release-manager
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill executes various system commands via Bash, including git, gh, and npm. While these are necessary for its primary purpose of release management, they involve executing code (e.g., via npm test or npm run build) defined within the repository being managed.
- EXTERNAL_DOWNLOADS (LOW): Uses npm install and gh release download to fetch packages and assets from trusted platforms (npmjs.org and GitHub). Per TRUST-SCOPE-RULE, these findings are downgraded to LOW.
- PROMPT_INJECTION (LOW): The skill exhibits a surface for indirect prompt injection by ingesting commit messages and API data to generate documentation without sanitization. 1. Ingestion points: git commit messages retrieved via gh api and gh release list. 2. Boundary markers: Absent; content is piped directly into changelog files. 3. Capability inventory: File writing, Bash command execution. 4. Sanitization: None observed.
Audit Metadata