release
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to manage the release workflow, including Git operations (commit, tag, push), npm commands (install, run), and the GitHub CLI (gh release). It also runs local scripts located within the repository's `scripts/` directory (`bump-version.mjs` and `publish-github-release.mjs`). These actions are consistent with the skill's stated purpose of release automation.
- [EXTERNAL_DOWNLOADS]: The skill invokes `npm install` in Step 3. This command downloads project dependencies from the official npm registry. This is a standard and expected operation for maintaining a Node.js project during a release.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection in Step 4, where it reads git commit messages to generate human-friendly changelog descriptions.
  - Ingestion points: Git commit history (`git log`) is processed in Step 1 and Step 4.
  - Boundary markers: Absent; there are no specific delimiters or instructions to ignore malicious content within commit messages.
  - Capability inventory: The agent has the ability to write to the local filesystem (`CHANGELOG.md`), perform Git operations, and execute local scripts.
  - Sanitization: Absent; the skill relies on the agent to interpret and rewrite commit messages without explicit filtering.
- [SAFE]: All identified operations align with the primary purpose of the skill (software release management). The tools used (npm, git, gh) and the target packages (@onevcat/argue) are consistent with the provided author context and standard development practices.