Skills
skills/lis186/ccxray/release/Gen Agent Trust Hub

release

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various system commands to manage the release workflow.
  • Runs node -e to calculate version increments based on the local package.json file.
  • Executes git commands (describe, log, add, commit, tag, push) to manage repository state and history.
  • Uses npm test and npm publish to verify and distribute the software.
  • [DATA_EXFILTRATION]: The skill is designed to send local project data to external services.
  • Pushes source code and tags to a remote Git repository via git push.
  • Uploads the package to the public npm registry via npm publish.
  • These actions are the primary intended function of the skill and require manual user confirmation at critical steps.
  • [PROMPT_INJECTION]: The skill processes untrusted external data that could contain malicious instructions.
  • Data from git log (commit messages) and package.json are ingested and processed by the agent.
  • The skill mitigates this risk by requiring the agent to display the drafted CHANGELOG and version bump for user approval before modifying files or proceeding with the release.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 03:17 PM