cut-release

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by reading commit subjects and bodies to generate a CHANGELOG. This is mitigated by instructions requiring the agent to synthesize and rephrase the content for a user-facing log rather than directly outputting or executing it.
  • Ingestion points: Output of git log (Phase 1) and diff reads (Phase 4).
  • Boundary markers: None specified.
  • Capability inventory: Shell command execution via git, gh, npm, npx, and file operations (touch, cat, awk).
  • Sanitization: Instructions require the agent to rephrase commit messages for the CHANGELOG, which provides a layer of human-like synthesis that mitigates direct instruction injection.
  • [COMMAND_EXECUTION]: The skill uses a variety of local commands (git, gh, npm, cargo, npx, awk, touch, cat) to perform version management and project state verification. These are standard tools used within their intended scope for release automation.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with the repository's origin on GitHub to fetch tags, push releases, and monitor workflow status. It also uses npx to run the oxfmt formatting tool. These operations target well-known infrastructure (GitHub and NPM) and are necessary for the skill's primary function.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 04:25 AM
Security Audit — agent-trust-hub — cut-release