github-release
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes git and gh CLI tools to perform its intended release management functions. Commands are constructed using standard shell constructs like here-docs to manage data safely.
- [PROMPT_INJECTION]: The skill ingests repository commit logs and code diffs to help generate release notes and version suggestions, creating a surface for potential indirect prompt injection.
- Ingestion points: SKILL.md (Steps 3a and 3b).
- Boundary markers: Not explicitly specified in the prompts for ingested repo data.
- Capability inventory: git commit, git push, gh pr create, and Out-File (Step 7, 8).
- Sanitization: The workflow includes mandatory user confirmation steps (Step 4 and Step 6) to verify all content before action.
Audit Metadata