release-notes-generator
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: No malicious patterns, hardcoded credentials, or data exfiltration vectors were identified in the instruction set or documentation.
- [NO_CODE]: This skill consists solely of markdown-based instructions and documentation. It does not include any scripts (e.g., Python, JavaScript, Shell) or binaries.
- [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data from user-provided files in the workspace. This creates a surface for indirect prompt injection, though the impact is limited to text generation.
- Ingestion points: Local
.mdand.txtfiles in the Cowork workspace (referenced in SKILL.md, Step 1). - Boundary markers: Absent; input content is not wrapped in delimiters or accompanied by instructions to ignore embedded commands.
- Capability inventory: Text classification and multi-format generation (markdown, email, push, social).
- Sanitization: No explicit filtering or sanitization of input data is specified in the instructions.
Audit Metadata