start-release
Warn
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs shell commands by directly interpolating the $ARGUMENTS variable, specifically in 'git flow release start $ARGUMENTS' and 'git push -u origin release/$ARGUMENTS'. This allows a user to execute arbitrary commands by providing a version string containing shell metacharacters such as ';', '&&', or '|'.
- [PROMPT_INJECTION]: The skill is vulnerable to argument-based indirect prompt injection because it lacks sanitization and validation for user-supplied data.
- Ingestion points: The $ARGUMENTS variable provided by the user at runtime in SKILL.md.
- Boundary markers: Absent; the variable is interpolated directly into shell strings without delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill is authorized to use 'Bash(git:*)', 'Read', and 'Write' tools, allowing it to modify the repository and execute shell commands.
- Sanitization: Absent; there is no validation of the $ARGUMENTS variable to ensure it only contains valid semver characters before being used in shell execution.
Audit Metadata