release-skills
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes git commands (tag, log, diff, add, commit) to automate the release workflow. These operations are essential for the skill's stated purpose of managing versions and changelogs.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) by processing git logs. 1. Ingestion points: git log and git diff output containing commit messages. 2. Boundary markers: Absent; the agent processes the raw output of git commands. 3. Capability inventory: The skill can write to README, CHANGELOG, and marketplace.json files, and create git commits and tags. 4. Sanitization: Absent; the skill does not include instructions to ignore or sanitize embedded instructions within commit messages.
Audit Metadata