publish-notes
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [NO_CODE]: The skill does not contain any executable scripts, binaries, or configuration files that perform system operations.
- [PROMPT_INJECTION]: The workflow ingests untrusted external data (PR descriptions and commit logs), which is a characteristic surface for Indirect Prompt Injection.
- Ingestion points: PR descriptions, merged commits/diffs, and verification reports specified in the workflow steps (SKILL.md).
- Boundary markers: Absent; there are no instructions to delimit or ignore instructions embedded within the input data.
- Capability inventory: None; the skill does not define any 'allowed-tools' or shell command executions.
- Sanitization: Absent; the skill instructs the agent to convert inputs directly into drafted notes without mention of sanitizing or escaping the source content.
Audit Metadata