release
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to manage the release workflow, including process termination (
SIGKILLon turbo processes), package management (npm,bun), and version control (git,gh). These are standard operations for a software release utility. - [DATA_EXPOSURE]: The skill retrieves sensitive credentials (NPM password and OTP) using the 1Password CLI (
op). It uses these secrets to create an NPM publishing token. While this involves handling high-value secrets, the behavior is transparently documented and consistent with the skill's primary purpose of automating a developer release cycle for the authorized project owner. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from external sources to generate a changelog. This represents a potential indirect prompt injection surface.
- Ingestion points: PR titles and authors via
gh pr view, commit messages viagit log, and documentation files inpackages/docs/docs/viagit diff. - Boundary markers: No explicit boundary markers or instructions to ignore embedded instructions are present in the changelog generation steps.
- Capability inventory: The skill possesses extensive capabilities including package publishing (
npm release), file system writes (/tmp/), and network operations via standard CLI tools. - Sanitization: No explicit sanitization or validation of the PR titles or document content is performed before processing.
Audit Metadata