release-checklist
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates entirely within the local filesystem and uses standard tools (Read, Glob, Grep, Write) for its intended purpose. No network access or remote execution patterns were detected.
- [PROMPT_INJECTION]: The skill processes untrusted data from the codebase (comments like TODO/FIXME) to generate the checklist. 1. Ingestion points: Codebase files scanned via Grep in Phase 3. 2. Boundary markers: Absent. 3. Capability inventory: Read, Glob, Grep, Write. 4. Sanitization: Absent. While this constitutes an indirect prompt injection surface, the risk is negligible as the data is only used for quantitative analysis and inclusion in a markdown template.
Audit Metadata