package-release
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard shell commands for repository management using git, gh (GitHub CLI), pnpm, and npm. These operations are necessary for the stated maintenance and release tasks.
- [DATA_EXPOSURE]: It performs read operations on local project files, such as source code, changesets, and documentation, to facilitate change inventory and preflight checks. No access to sensitive system files, environment variables, or private credentials was found.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes external data from command outputs and GitHub API responses.
  - Ingestion points: Command output from git diff, find, rg, and gh pr view is read into the agent context.
  - Boundary markers: None present.
  - Capability inventory: The skill can execute local commands, manage GitHub PRs, and monitor workflow runs.
  - Sanitization: No sanitization is performed on the ingested data before processing.
Audit Metadata