release
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface
  - Ingestion points: In Section 3, the skill executes `git log` to ingest commit subjects and bodies, which are external strings that can be controlled by any contributor to the repository.
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to isolate, or to ignore, embedded instructions within the `git log` output.
  - Capability inventory: The skill is able to execute `git tag`, `git push`, and various `gh release` commands, allowing it to modify the state of the remote repository.
  - Sanitization: The skill lacks sanitization or validation logic to filter the content of commit messages before the LLM processes them to determine the next version bump or to generate a summary.
Audit Metadata