release-engineering

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection through the processing of untrusted external data.
  • Ingestion points: External data such as git logs, changelog entries, and PR descriptions are ingested during the release planning and verification phases (SKILL.md).
  • Boundary markers: Absent; there are no instructions or delimiters provided to the agent to treat external content as untrusted or to ignore embedded instructions.
  • Capability inventory: The skill includes shell execution capabilities (bash) for status checks, building, and deployment health verification (SKILL.md).
  • Sanitization: Absent; no validation, escaping, or filtering of external repository data is implemented.
  • [COMMAND_EXECUTION]: The skill suggests executing local shell commands such as git status --short and git log to verify the state of the repository. While these are typical release engineering tasks, they constitute a capability that could be abused if the agent's context is manipulated via indirect injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 11:20 AM
Security Audit — agent-trust-hub — release-engineering