release-skills
Warn
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs and executes shell commands, including
git commitandgit tag, using strings parsed from git history. If these strings contain shell metacharacters and are not properly escaped by the agent, it could lead to arbitrary command execution on the user's machine. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via the processing of untrusted external data.
- Ingestion points: Git commit messages (via
git log) and pull request metadata (viagh pr view) are ingested and processed in Step 2, Step 4, and Step 5. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore or isolate instructions embedded within the ingested commit messages.
- Capability inventory: The skill has the ability to write to the local filesystem, create git commits, and push data to remote repositories.
- Sanitization: There is no evidence of sanitization, escaping, or validation of the ingested strings before they are incorporated into prompts or passed to shell commands.
Audit Metadata