github-release-swarm
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill frequently uses `npx ruv-swarm` to execute release tasks. This package is not from a trusted source/organization listed in the security profile. Running unverified packages via `npx` can lead to supply chain attacks where malicious code is downloaded and executed at runtime.
- REMOTE_CODE_EXECUTION (MEDIUM): The reliance on `npx` for core functionality allows for the execution of remote code that has not been audited or pinned to a specific hash or version in the examples, providing a vector for arbitrary code execution.
- COMMAND_EXECUTION (LOW): The skill makes extensive use of the GitHub CLI (`gh`) and shell scripting to perform sensitive operations like creating releases, uploading artifacts, and modifying repository state. While expected for a release tool, it represents a high-privilege capability surface.
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from GitHub (commit messages, PR titles) and passes them to the AI-driven `ruv-swarm` tool, which could be exploited to influence the agent's behavior during release generation.
  - Ingestion points: Commit messages and PR data are fetched via `gh api` and `gh pr list` (SKILL.md).
  - Boundary markers: Absent; untrusted strings are passed directly as command-line arguments to `npx ruv-swarm`.
  - Capability inventory: The skill can create GitHub releases, upload assets, create issues, and publish to npm.
  - Sanitization: No sanitization or validation of the commit/PR data is performed before processing.