release-skills
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and executes git and gh commands (e.g.,
git commit -m "...",gh pr view <number>) where the parameters are extracted from commit subjects and PR metadata. If a commit message or PR title contains shell metacharacters, it could lead to command injection during the automated workflow. - [PROMPT_INJECTION]: The skill ingests untrusted data from the repository's commit logs and GitHub's PR API to determine version bumps and generate multi-language changelogs. An attacker who contributes a commit or PR could embed malicious instructions (Indirect Prompt Injection) to influence the agent's release decisions or the content of the generated release documentation.
- [DATA_EXFILTRATION]: While the skill primarily pushes to 'origin', it reads sensitive repository configuration and history. If the git remote is maliciously modified or if command injection occurs, there is a potential path for data exposure.
Audit Metadata