Skills
skills/sharex/xerahs/publish-release/Gen Agent Trust Hub

publish-release

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands including git for repository management, gh for GitHub release and workflow orchestration, and dotnet for build verification. These commands are used to automate the full release lifecycle from local build to remote deployment.
  • [INDIRECT_PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from an external source (GitHub release body) via the gh release view command in scripts/run-release-sequence.sh. This data is then processed by the agent to determine if standard release notes need to be appended.
  • Ingestion points: The gh release view command in scripts/run-release-sequence.sh reads the current release notes from GitHub.
  • Boundary markers: The ingested text is not wrapped in delimiters or accompanied by instructions to ignore potential embedded commands.
  • Capability inventory: The skill possesses significant capabilities for subprocess execution (git, gh, dotnet), file system modification, and repository push/tag operations.
  • Sanitization: While jq is used for parsing structured JSON data from the CLI, the natural language content of the release notes is not sanitized or escaped before being returned to the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 30, 2026, 06:16 AM
Security Audit — agent-trust-hub — publish-release