tinymist-release
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local repository scripts, specifically
scripts/release-preflight.mjsandscripts/link-docs.mjs, to gather release metadata and perform local file updates. - [COMMAND_EXECUTION]: The workflow incorporates automated execution of commands generated by the project's preflight script. These are restricted to local preparation tasks like patching manifests, updating changelogs, and staging git commits.
- [SAFE]: A critical security boundary is enforced where the agent is strictly prohibited from executing commands with external side effects—including
yarn release,cargo publish, and variousgh(GitHub CLI) operations—without explicit, immediate maintainer approval. - [INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it processes instructions and data from local repository files and script outputs.
- Ingestion points: The JSON output of
scripts/release-preflight.mjsand the contents of documentation files likedocs/tinymist/release-instruction.typ. - Boundary markers: Present. The skill defines a clear 'External actions' phase that serves as a hard checkpoint for human verification.
- Capability inventory: Includes shell command execution via Node.js, Git, Yarn, Cargo, and the GitHub CLI.
- Sanitization: The skill relies on manual maintainer review of proposed commands rather than automated input sanitization.
Audit Metadata