add-git-tag
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute standard Git commands for repository management. These include identifying the repository root, checking logs and status, and creating tags. All operations are local and aligned with the skill's description.\n- [INDIRECT_PROMPT_INJECTION]: The skill processes user-provided strings for version names and milestone descriptions that are later interpolated into shell commands.\n
- Ingestion points: Step 1 collects user input for 'Tag version', 'Achievements', and 'Next plans' via the SKILL.md instructions.\n
- Boundary markers: Step 2 mandates a confirmation phase where the agent displays the final message and waits for the user to verify the content before proceeding to command execution.\n
- Capability inventory: The skill has access to the Bash tool to run git commands (tag, push, rev-parse, log, status).\n
- Sanitization: No specific sanitization or character escaping is defined in the instructions; the skill relies on the agent's default safety controls and the user's final review of the preview to mitigate command injection risks.
Audit Metadata