Skills
skills/jem-open/jem-agent-skills/gtm/Gen Agent Trust Hub

gtm

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands (git, gh) to perform its tasks. It takes user input from $ARGUMENTS (e.g., the --base branch flag) and interpolates it into commands like git checkout <BASE_BRANCH>. This creates a surface for indirect command injection if a malicious branch name or argument string is provided and the agent's execution environment does not properly escape these values.
  • [DATA_EXPOSURE & EXFILTRATION]: The skill reads from a local file named version. While it interacts with GitHub via the gh CLI, this behavior is documented and necessary for its primary function. No evidence of unauthorized file access or exfiltration to third-party domains was found.
  • [SAFE]: The skill relies on standard, well-known development tools (git and GitHub CLI) and follows common DevOps patterns for release management.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 19, 2026, 05:44 PM