document-release

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes shell commands via Bash to interact with the local filesystem and git repository. It uses tools like git rev-parse, git status, git diff, and git log to analyze repository state and changes, and gh pr view, gh repo view, and gh pr edit to manage GitHub-specific workflows.
  • [DATA_EXFILTRATION]: Performs network-bound operations using git push and gh pr edit. These operations are used to push documentation updates to the remote repository and update Pull Request metadata. The targets are the project's configured remote, which is an expected destination for this workflow.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection through the ingestion of external data. This is documented with the following evidence chain:
      • Ingestion points: Reads content from git diff, git log (commit messages), and existing markdown files in Step 1 and Step 2.
      • Boundary markers: The instructions lack specific delimiters or instructions to ignore embedded commands within the processed text during analysis.
      • Capability inventory: The skill has the ability to modify files via the Edit tool, commit changes with git commit, and push to remote branches via git push in Step 9.
      • Sanitization: There is no evidence of sanitization or filtering of input strings (like commit messages) before they are interpolated into document summaries or PR bodies.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 13, 2026, 07:27 AM
Security Audit — agent-trust-hub — document-release