git-remote-release
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local git commands such as
git log,git remote, andgit symbolic-refto resolve the current branch and repository state. - [COMMAND_EXECUTION]: The skill uses the GitHub CLI (
gh api) to retrieve commit and pull request metadata from remote repositories. - [EXTERNAL_DOWNLOADS]: The skill interacts with the GitHub API to fetch data for release note generation. GitHub is recognized as a well-known and trusted service for development workflows.
- [PROMPT_INJECTION]: The skill processes untrusted data from external sources, representing a surface for indirect prompt injection.
- Ingestion points: Commit messages and pull request descriptions retrieved from the Git history and GitHub API (SKILL.md).
- Boundary markers: No explicit markers or instructions to ignore embedded commands are used during the data collection phase.
- Capability inventory: Uses standard git and gh CLI tools for data retrieval; no write operations or dangerous system-level access is requested.
- Sanitization: The skill does not explicitly describe sanitization of the retrieved text before summarization.
Audit Metadata