github-release-management

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (gh) and git to perform operations such as creating releases, managing branches, and tagging versions. This involves the execution of shell commands that interact with the repository's metadata and state.
  • [REMOTE_CODE_EXECUTION]: The skill frequently executes external code using npx for packages like claude-flow and ruv-swarm. These packages are downloaded from the npm registry and executed at runtime to perform deployment and orchestration tasks.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from GitHub commit messages and pull request descriptions to generate release notes and changelogs.
  • Ingestion points: Data is fetched via gh api and gh pr list in SKILL.md (Level 1
  • Basic Usage) and references/workflows.md (Changelog Agent section).
  • Boundary markers: Commit messages and PR titles are interpolated directly into shell command arguments and release notes without explicit delimiters or instructions to the agent to treat the content as data only.
  • Capability inventory: The skill possesses significant capabilities, including arbitrary shell command execution via Bash(), file creation/modification via Write(), and the ability to spawn and orchestrate AI agents via the claude-flow MCP tools.
  • Sanitization: No sanitization or filtering of the fetched GitHub data is performed before it is processed by the agent or included in the final release output.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 06:40 AM
Security Audit — agent-trust-hub — github-release-management