release
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands including `git` and `gh` (GitHub CLI) to perform version detection, tagging, and remote release creation. These commands are localized to the user's repository environment and align with the skill's stated purpose.
- [PROMPT_INJECTION]: The workflow involves parsing `TASKS.md` and other project documents to generate release notes. This creates a surface for indirect prompt injection where malicious content in task descriptions could influence the output of release notes or commit messages. The skill is designed to summarize this data rather than execute it as code.
- [DATA_EXFILTRATION]: While the skill performs `git push` and `gh release create`, these operations target the repository's configured origin and official GitHub services. No evidence of data transmission to unauthorized or suspicious third-party endpoints was found.
Audit Metadata