release-director
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface through the loading of external configuration and metadata.
  - Ingestion points: The agent is instructed to call `load_override('release-preferences.md')` to incorporate custom user instructions and reads metadata from the album README file in the pre-release phase.
  - Boundary markers: There are no explicit instructions to use delimiters or ignore embedded natural language instructions when processing the contents of the override file or the album metadata.
  - Capability inventory: The skill has access to powerful tools including `Bash`, `Edit`, `Write`, and several MCP tools (`check_streaming_lyrics`, `update_streaming_url`, `verify_streaming_urls`) which could be misused if the agent is influenced by malicious instructions in the input data.
  - Sanitization: The skill lacks explicit validation or escaping requirements for the dynamically processed content, such as the album name used in social media templates.
Audit Metadata