bump-release
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local git commands (commit, tag, status, log) and a project-specific task (just full-write) to manage the release process. These operations are standard for development automation and are scoped to the local repository.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface: it summarizes git commit history and pull request titles into a changelog, so maliciously crafted commit messages or PR titles could attempt to influence the agent's summarization behavior.
  - Ingestion points: Git commit logs and PR titles parsed in SKILL.md.
  - Boundary markers: None explicitly defined for the summarization prompt.
  - Capability inventory: File modifications, git tagging, and command execution via just.
  - Sanitization: The skill relies on standard model summarization without explicit content filtering for commit messages.
- [EXTERNAL_DOWNLOADS]: References to external sites like common-changelog.org and github.com are used for specification guidance and release linking. These are well-known services relevant to the skill's purpose.