release
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes git and gh (GitHub CLI) commands to perform operations such as fetching tags, pulling branches, committing changelog updates, and creating releases. These actions are within the scope of its documented functionality.
- [REMOTE_CODE_EXECUTION]: The skill runs a local script, release_plan.py, located within the skill directory. Analysis of the script shows it uses subprocess.run with argument lists to interact with git and gh, which is a secure implementation that avoids shell injection vulnerabilities.
- [PROMPT_INJECTION]: The skill processes potentially untrusted data from commit subjects and Pull Request titles. This creates a surface for indirect prompt injection. The skill mitigates this by instructing the agent to rewrite these inputs into user-facing release notes rather than copying them verbatim, and the subsequent execution steps are strictly defined.
Audit Metadata