analyzing-releases
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from changelogs and web pages, creating a vulnerability surface for indirect prompt injection attacks.
- Ingestion points: External data is ingested via the
releasesCLI and various typed tools (e.g.,get_source_changelog), as well as arbitrary web content retrieved through theWebFetchtool. - Boundary markers: The instructions do not provide explicit boundary markers or delimiters to isolate untrusted release content from the agent's primary instructions.
- Capability inventory: The skill possesses tools to search, fetch, and synthesize release data, and the capability to fetch arbitrary content from the web via
WebFetch. - Sanitization: There are no requirements or instructions for the agent to sanitize, validate, or filter the content retrieved from external sources before processing it.
Audit Metadata