release
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses command-line utilities such as `git`, `npm`, and `gh` to perform versioning tasks and manage remote repository state. These are standard tools used according to their intended purpose for release management.
- [COMMAND_EXECUTION]: Executes a local script `./scripts/get-changes-since-tag.sh` to retrieve the repository's commit history. This dependency assumes the script is present and safe within the user's environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests commit messages from the repository history to draft changelogs. An attacker could potentially include malicious instructions in a commit message. However, the requirement for explicit user confirmation in Japanese before any release actions occur serves as a critical safeguard.
  - Ingestion points: Commit data obtained from the repository history via local scripts.
  - Boundary markers: The skill does not define specific delimiters or isolation instructions for the processed commit content.
  - Capability inventory: File system access (updating `CHANGELOG.md` and `package.json`), versioning control (`npm version`), and network interaction (`git push`, `gh release`).
  - Sanitization: There is no automated sanitization or filtering of commit content before it is processed by the agent.
Audit Metadata