release-orchestrator

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues were detected. The skill provides a clear workflow for release management with appropriate templates and examples.
  • [COMMAND_EXECUTION]: The skill includes a local helper script scripts/build_release_packet.py used to format release data. The script is executed by the agent and uses standard Python libraries (json, sys, pathlib) for processing local data.
  • [PROMPT_INJECTION]: The skill processes user-supplied release notes, which is a standard data ingestion surface for this use case.
  • Ingestion points: Release scope, risky changes, and migration details gathered in the workflow (SKILL.md).
  • Boundary markers: Absent; the skill relies on the agent to interpret the inputs according to the provided reference templates.
  • Capability inventory: Local script execution for markdown report generation.
  • Sanitization: None identified; the script performs a standard JSON load and string formatting.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 03:10 PM
Security Audit — agent-trust-hub — release-orchestrator