publish
Pass
Audited by Gen Agent Trust Hub on Jun 4, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection by processing external data to generate its outputs.
- Ingestion points: The skill reads commit history using
git log, existing release notes usinggh release view, and previous chat history viaagent-discordbot message list(SKILL.md). - Boundary markers: The instructions do not specify any delimiters or safety warnings to ensure the agent ignores instructions that might be embedded in the commit messages or release bodies.
- Capability inventory: The agent has the ability to write to the repository (
gh release edit) and post messages to a specific Discord channel (agent-discordbot message send). - Sanitization: There is no evidence of sanitization or filtering applied to the retrieved data before it is used to construct the final release narrative.
- [COMMAND_EXECUTION]: The skill uses several command-line tools including
git,gh,npm, andbunto perform its tasks. The instructions emphasize proceeding through the workflow with minimal user interruption once triggered, which grants the agent significant autonomy over repository and communication tools.
Audit Metadata