Skills
skills/rootspec/skills/release/Gen Agent Trust Hub

release

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a provided bash script (scripts/release.sh) to automate the release process.
  • The script uses standard development tools: npm version for versioning, git for committing and tagging, and gh (GitHub CLI) for creating releases.
  • It performs repository modifications including committing to the main branch, pushing tags to origin, and creating remote releases based on local file content (CHANGELOG.md).
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from the CHANGELOG.md file.
  • Ingestion points: Reads content from CHANGELOG.md to summarize for the user and extract release notes.
  • Boundary markers: None implemented; the agent is instructed to read the file content directly.
  • Capability inventory: Subprocess calls for git push and gh release create are present in scripts/release.sh.
  • Sanitization: The script uses sed to extract specific sections of the changelog, but there is no specific sanitization of the text before it is passed to the gh release command as notes.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 15, 2026, 09:53 PM