skills/dnyoussef/ai-chrome-extension/when-releasing-software-use-github-release-management/Gen Agent Trust Hub
when-releasing-software-use-github-release-management
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted repository data.
- Ingestion points: The 'release-manager' agent analyzes commit history using 'git log' to determine versioning, and the 'docs-writer' agent extracts data from commits and pull requests to generate changelogs (SKILL.md).
- Boundary markers: There are no explicit instructions or delimiters used to prevent the agents from following instructions potentially embedded within commit messages or PR descriptions.
- Capability inventory: The agents can execute shell scripts ('scripts/*.sh') and interact with the GitHub API ('scripts/github-api.sh'), providing a path for potential exploitation if an injection occurs.
- Sanitization: No sanitization or validation logic is present to filter malicious content from the ingested git metadata.
- [EXTERNAL_DOWNLOADS]: The skill downloads code from a public package registry during operation.
- Evidence: The skill invokes 'npx claude-flow@alpha' to initialize the agent swarm and manage workflow hooks.
- [REMOTE_CODE_EXECUTION]: The skill executes code downloaded from the internet during runtime.
- Evidence: Using 'npx' to run the 'claude-flow' package results in the execution of remote code on the local environment.
- [COMMAND_EXECUTION]: The skill's primary workflows rely heavily on the execution of local shell scripts.
- Evidence: Workflows include numerous calls to local scripts such as 'scripts/deploy.sh', 'scripts/semver.sh', and 'scripts/rollback.sh' to perform system-level deployment and configuration operations.
Audit Metadata