when-releasing-software-use-github-release-management

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted repository data.
  • Ingestion points: The 'release-manager' agent analyzes commit history using 'git log' to determine versioning, and the 'docs-writer' agent extracts data from commits and pull requests to generate changelogs (SKILL.md).
  • Boundary markers: There are no explicit instructions or delimiters used to prevent the agents from following instructions potentially embedded within commit messages or PR descriptions.
  • Capability inventory: The agents can execute shell scripts ('scripts/*.sh') and interact with the GitHub API ('scripts/github-api.sh'), providing a path for potential exploitation if an injection occurs.
  • Sanitization: No sanitization or validation logic is present to filter malicious content from the ingested git metadata.
  • [EXTERNAL_DOWNLOADS]: The skill downloads code from a public package registry during operation.
  • Evidence: The skill invokes 'npx claude-flow@alpha' to initialize the agent swarm and manage workflow hooks.
  • [REMOTE_CODE_EXECUTION]: The skill executes code downloaded from the internet during runtime.
  • Evidence: Using 'npx' to run the 'claude-flow' package results in the execution of remote code on the local environment.
  • [COMMAND_EXECUTION]: The skill's primary workflows rely heavily on the execution of local shell scripts.
  • Evidence: Workflows include numerous calls to local scripts such as 'scripts/deploy.sh', 'scripts/semver.sh', and 'scripts/rollback.sh' to perform system-level deployment and configuration operations.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 03:22 AM
Security Audit — agent-trust-hub — when-releasing-software-use-github-release-management