skills/krissss/skills/git-release/Gen Agent Trust Hub

git-release

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute standard command-line utilities for version control and release management, specifically git, gh (GitHub CLI), glab (GitLab CLI), and tea (Gitea CLI). These operations are consistent with the skill's stated purpose.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from Git commit messages to automatically generate changelogs and release notes. This represents an indirect prompt injection surface.
      • Ingestion points: Commit messages fetched via git log and the contents of CHANGELOG.md are ingested into the agent context.
      • Boundary markers: The skill uses a multi-step process where the agent must first present the parsed data and recommended version to the user for explicit confirmation before proceeding.
      • Capability inventory: The agent has the capability to write to the local filesystem (CHANGELOG.md), commit changes, create Git tags, and push to remote repositories.
      • Sanitization: While no automated sanitization is described, the skill enforces a 'Preview and Confirm' step (Step 2) which requires the user to manually review the generated content before it is used in CLI commands or pushed to a remote server.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 05:50 AM