Skills
skills/eljun/workflow-skills/release/Gen Agent Trust Hub

release

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates release automation by executing git and gh (GitHub CLI) commands. These commands are used to manage version tags, commit changelog updates, and create releases on GitHub.
  • [DATA_EXFILTRATION]: The skill uses git push and gh release create to upload changelog data and release metadata to GitHub's servers. This is standard and expected behavior for a release management tool.
  • [PROMPT_INJECTION]: The skill processes content from local markdown files (TASKS.md and task documents) to generate release notes and shell command arguments, creating a surface for indirect prompt injection.
  • Ingestion points: Reads task descriptions and PR references from TASKS.md and related task files.
  • Boundary markers: None; the skill parses markdown structures directly without specific delimiters or safety instructions for the ingested content.
  • Capability inventory: The skill generates and executes shell commands (git commit, git tag, gh release create) that incorporate the ingested data.
  • Sanitization: None; ingested descriptions are interpolated directly into command templates and markdown files.
Audit Metadata
Risk Level
SAFE
Analyzed
May 4, 2026, 02:19 AM