github-release
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: No evidence of malicious behavior, data exfiltration, or obfuscation was found. The skill's logic is consistent with its stated purpose of managing software releases.
- [COMMAND_EXECUTION]: The skill utilizes git and gh CLI commands to automate the release process. These operations are essential for the workflow and include mandatory human-in-the-loop (HITL) checkpoints before any changes are pushed.
- [SAFE]: While the skill ingests untrusted data from git commit logs, the requirement for manual user verification of the resulting version and notes effectively mitigates risks associated with indirect prompt injection. 1. Ingestion points: Git commit history (SKILL.md). 2. Boundary markers: None defined. 3. Capability inventory: GitHub release creation via gh (SKILL.md). 4. Sanitization: None mentioned.
Audit Metadata