release
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a security-first release workflow. It explicitly includes a security audit phase (Phase 1) designed to detect dependency vulnerabilities, hardcoded secrets, and common web vulnerabilities (SQLi, XSS) using standard tools like npm audit and pip audit.
- [COMMAND_EXECUTION]: The workflow involves executing security scans and E2E test suites via the 'aegis' and 'atlas' sub-agents. This execution is central to the skill's primary purpose of verifying release integrity and does not involve downloading or executing untrusted remote scripts.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data such as git logs and source code to generate changelogs and release notes.
  - Ingestion points: Git commit history, source code files, and dependency manifests are read by sub-agents ('aegis', 'review-agent', 'scribe').
  - Boundary markers: Prompts use structured headers and instructions, though explicit delimiters for external content are not visible in the high-level task definitions.
  - Capability inventory: The skill has the capability to modify version files (package.json, pyproject.toml), generate documentation (CHANGELOG.md, RELEASE.md), and create git tags.
  - Sanitization: The skill relies on sub-agents to interpret and summarize data; explicit sanitization logic for interpolated values is not defined within the task prompts.