create-release
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted input from the project's git commit history to generate changelogs and release notes. This represents an indirect prompt injection surface where malicious commit messages could attempt to influence the agent's behavior or output. This is a common pattern for release tools and is mitigated by the skill's mandatory manual approval workflow.
- Ingestion points: Commit messages retrieved via
git log(SKILL.md, Step 4). - Boundary markers: Absent; the agent processes raw log output.
- Capability inventory: File modifications, git commit/tag/push operations, and GitHub CLI (
gh) release creation. - Sanitization: The skill implements mandatory safety gates (Step 8) requiring the user to review all proposed changes, commit messages, and tag formats before execution.
Audit Metadata