Skills
skills/zhanlincui/ultimate-agent-skills-collection/github-release-assistant/Gen Agent Trust Hub

github-release-assistant

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands to perform git operations (git add, git commit, git push) and runs a local Python script for documentation generation.
  • Evidence: The SKILL.md workflow instructions explicitly direct the agent to run git status, diff, add, commit, and push commands, as well as the generate_release_readme.py script.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from various files within the target repository that may be under the control of an untrusted party.
  • Ingestion points: The skill reads data from config.json, README.md, PROJECT_STRUCTURE.md, requirements*.txt, and files in the docs/ directory.
  • Boundary markers: There are no explicit boundary markers or instructions to the agent to treat repo content as untrusted data during the documentation generation process.
  • Capability inventory: The skill has the ability to write new files to the repository and execute git commands that push changes to remote servers.
  • Sanitization: The generate_release_readme.py script extracts content using regular expressions and directly interpolates it into templates without sanitization or validation of the extracted text.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 26, 2026, 09:10 PM