ship
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: Automates a full CI/CD pipeline by executing shell commands for Git, GitHub CLI (gh), and jq.
- [EXTERNAL_DOWNLOADS]: Communicates with official GitHub services to synchronize code, create pull requests, and manage releases.
- [SAFE]: Explicitly instructs the agent to avoid staging sensitive files such as .env or credential files during the release process.
- [SAFE]: Employs secure shell scripting patterns, specifically quoted heredocs (cat << 'EOF'), so that user-provided commit messages are passed to the shell literally, without variable expansion or command substitution, mitigating potential command injection risks.