skills/shipshitdev/skills/release/Gen Agent Trust Hub

release

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses git, gh (GitHub CLI), and jq to manage repository state and interact with the GitHub API.
      • Evidence: Phases 1 through 5 utilize shell commands to fetch tags, analyze logs, query PR status, and push new release tags.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by ingesting untrusted data from the repository history.
      • Ingestion points: Commit messages (git log) and PR metadata (gh pr list) are read from the repository (SKILL.md, Phase 2 & 3).
      • Boundary markers: The instructions do not specify delimiters or warnings to the model to separate commit data from internal instructions.
      • Capability inventory: The skill has the ability to execute shell commands (git tag, git push, gh release create) and write to the local filesystem (CHANGELOG.md).
      • Sanitization: No evidence of filtering or escaping commit content before it is interpolated into the natural language generation step.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 15, 2026, 08:08 PM