release-management
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The file
scripts/create-release.mdemploys dynamic context injection (using the!syntax) to execute local git commands such asgit describe,git log, andgit branch. These operations are limited to gathering repository metadata to inform the agent's release tasks and do not involve sensitive data access or network exfiltration. - [COMMAND_EXECUTION]: The skill facilitates the execution of git and
ghCLI commands through shell scripts and a Python utility (scripts/release-scripts.shandscripts/version-manager.py). These scripts are designed for version management and follow safe practices for handling command arguments and local file updates. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface in
scripts/create-release.mdby reading git commit history and presenting it to the agent. While commit messages are untrusted data, the risk is mitigated by the specific context of release note generation and the absence of high-risk automated decision-making based on that data.
Audit Metadata