utility-pm-release-conductor
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local shell scripts (e.g.,
scripts/pre-tag-validate.sh) and standard version control commands (git tag,git push) to validate the project state and perform release operations. These actions are aligned with the skill's primary function as a release conductor. - [PROMPT_INJECTION]: The skill uses an indirect prompt injection surface by design, specifically through a "reference + execute inline" pattern where it ingests instructions from separate local files at runtime.
- Ingestion points: The skill reads
subagents/pm-skill-auditor.mdandsubagents/pm-changelog-curator.mdto define its behavior at specific release gates. - Boundary markers: Absent; the skill directs the agent to adopt the file content as its operating instructions without explicit delimiters to isolate the injected content.
- Capability inventory: The agent has access to
Bash,Edit,Read,Grep,Glob, andAgenttools across the conductor and its inlined children. - Sanitization: No filtering or sanitization of the referenced markdown instructions is performed before they are adopted into the execution context.
- [COMMAND_EXECUTION]: The skill dynamically executes instructions loaded from external markdown files, effectively updating its behavioral logic during the release flow based on the contents of the
subagents/directory.
Audit Metadata