dotnet-github-releases

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Utilizes the GitHub CLI (gh) and curl for managing release lifecycles and asset uploads. These commands are integral to the skill's functionality.
  • [EXTERNAL_DOWNLOADS]: References the softprops/action-gh-release GitHub Action for automation. This is a well-known service within the development community.
  • [PROMPT_INJECTION]: The skill includes patterns for extracting release notes from CHANGELOG.md and commit history.
      • Ingestion points: Data is ingested from CHANGELOG.md and Git commit metadata (SKILL.md).
      • Boundary markers: No delimiters or 'ignore instructions' warnings are implemented to protect against malicious content in the ingested files.
      • Capability inventory: The skill uses gh release create and curl to transmit data to GitHub repositories (SKILL.md).
      • Sanitization: There is no evidence of sanitization or escaping of the content extracted from external files before use in CLI or API payloads.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 03:43 PM