Skills
skills/yonatangross/orchestkit/release-checklist/Gen Agent Trust Hub

release-checklist

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local build and test commands including npm run build, npm test, npm run test:security, and npm run typecheck to verify release readiness.
  • [COMMAND_EXECUTION]: The skill performs git operations such as git diff, git add, git commit, and git tag to manage the versioning process.
  • [COMMAND_EXECUTION]: The skill executes a bundled shell script scripts/pre-push-confirm.sh to summarize changes and prompt the user for confirmation before pushing to a remote repository.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes data from untrusted or local files. 1. Ingestion points: Files such as package.json, CLAUDE.md, CHANGELOG.md, and the output of git diff. 2. Boundary markers: Absent. 3. Capability inventory: Local command execution and remote push via git. 4. Sanitization: Absent.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 27, 2026, 04:27 PM