github-release-management
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (
gh) andgitto perform operations such as creating releases, managing branches, and tagging versions. This involves the execution of shell commands that interact with the repository's metadata and state. - [REMOTE_CODE_EXECUTION]: The skill frequently executes external code using
npxfor packages likeclaude-flowandruv-swarm. These packages are downloaded from the npm registry and executed at runtime to perform deployment and orchestration tasks. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from GitHub commit messages and pull request descriptions to generate release notes and changelogs.
- Ingestion points: Data is fetched via
gh apiandgh pr listinSKILL.md(Level 1 - Basic Usage) and
references/workflows.md(Changelog Agent section). - Boundary markers: Commit messages and PR titles are interpolated directly into shell command arguments and release notes without explicit delimiters or instructions to the agent to treat the content as data only.
- Capability inventory: The skill possesses significant capabilities, including arbitrary shell command execution via
Bash(), file creation/modification viaWrite(), and the ability to spawn and orchestrate AI agents via theclaude-flowMCP tools. - Sanitization: No sanitization or filtering of the fetched GitHub data is performed before it is processed by the agent or included in the final release output.
Audit Metadata