release-ai-plugins
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a utility for managing versioning and documentation within a specific project repository. It follows established best practices like Semantic Versioning and the 'Keep a Changelog' standard.
- [PROMPT_INJECTION]: Indirect Prompt Injection Analysis (Category 8):
- Ingestion points: The skill reads local manifest files (marketplace.json, plugin.json), documentation (README.md), and changelogs (CHANGELOG.md).
- Boundary markers: Absent. The skill processes the content of these files directly.
- Capability inventory: File system write access to update version strings and append text to changelogs.
- Sanitization: Not explicitly mentioned; however, since the skill is intended for local project maintenance by the developer, the risk of malicious data being present in the source files is consistent with general repository security risks. Given the primary purpose is file management, this surface does not warrant a higher severity rating.
Audit Metadata