release
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Direct prompt injection surface detected via the use of the $ARGUMENTS placeholder at the end of the instruction file without surrounding boundary markers or explicit safety instructions.
- [COMMAND_EXECUTION]: The skill executes shell commands and a bundled bash script (detect-forge-cli.sh) to perform environment detection and release operations. It relies on system-level binaries including git, gh (GitHub CLI), and glab (GitLab CLI).
- [PROMPT_INJECTION]: Indirect prompt injection surface exists where the skill ingests data from untrusted sources. 1. Ingestion points: Reads branching strategy logic from CLAUDE.md, AGENTS.md, and changelog files; parses git log and git diff outputs for release notes. 2. Boundary markers: Absent for all ingestion points. 3. Capability inventory: Execution of git, gh, and glab commands to modify repository state and publish releases. 4. Sanitization: No validation or sanitization is performed on ingested repository data.
Audit Metadata