bump-release

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several local git commands (git status, git commit, git tag) to manage versioning and repository state.
  • [COMMAND_EXECUTION]: If a justfile is present in the repository, the skill runs the command just full-write to ensure files are correctly formatted after modification.
  • [PROMPT_INJECTION]: The skill processes potentially untrusted data from the repository's git history and pull request titles to generate content for the CHANGELOG.md file.
      • Ingestion points: Extracts information from package.json, git commit messages, and pull request titles.
      • Boundary markers: Does not utilize specific delimiters or explicit instructions to treat git history data as untrusted content.
      • Capability inventory: Has the ability to write to the local file system (package.json, CHANGELOG.md) and execute shell commands (git, just).
      • Sanitization: There is no explicit sanitization or validation of the commit messages or PR titles before they are incorporated into the changelog or used in the workflow.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 02:37 PM