cut-release
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by reading commit subjects and bodies to generate a CHANGELOG. This is mitigated by instructions requiring the agent to synthesize and rephrase the content for a user-facing log rather than directly outputting or executing it.
- Ingestion points: Output of
git log(Phase 1) and diff reads (Phase 4). - Boundary markers: None specified.
- Capability inventory: Shell command execution via
git,gh,npm,npx, and file operations (touch,cat,awk). - Sanitization: Instructions require the agent to rephrase commit messages for the CHANGELOG, which provides a layer of human-like synthesis that mitigates direct instruction injection.
- [COMMAND_EXECUTION]: The skill uses a variety of local commands (
git,gh,npm,cargo,npx,awk,touch,cat) to perform version management and project state verification. These are standard tools used within their intended scope for release automation. - [EXTERNAL_DOWNLOADS]: The skill interacts with the repository's origin on GitHub to fetch tags, push releases, and monitor workflow status. It also uses
npxto run theoxfmtformatting tool. These operations target well-known infrastructure (GitHub and NPM) and are necessary for the skill's primary function.
Audit Metadata