release-engineering
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection through the processing of untrusted external data.
- Ingestion points: External data such as git logs, changelog entries, and PR descriptions are ingested during the release planning and verification phases (SKILL.md).
- Boundary markers: Absent; there are no instructions or delimiters provided to the agent to treat external content as untrusted or to ignore embedded instructions.
- Capability inventory: The skill includes shell execution capabilities (bash) for status checks, building, and deployment health verification (SKILL.md).
- Sanitization: Absent; no validation, escaping, or filtering of external repository data is implemented.
- [COMMAND_EXECUTION]: The skill suggests executing local shell commands such as
git status --shortandgit logto verify the state of the repository. While these are typical release engineering tasks, they constitute a capability that could be abused if the agent's context is manipulated via indirect injection.
Audit Metadata