sync-release-docs

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands including git diff, git log, find, and gh (GitHub CLI) to analyze the repository state and detect the base branch. These commands are restricted to information gathering and standard version control operations.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes external, potentially untrusted data from git diffs and project documentation to generate updates.
    • Ingestion points: The skill reads output from git diff, git log, and various project Markdown files (e.g., README.md, ARCHITECTURE.md, CHANGELOG.md) across the repository.
    • Boundary markers: The instructions specify categorizing changes and cross-referencing against the diff to ensure factual consistency, though explicit ignore-instruction delimiters are not mandated for the ingested data.
    • Capability inventory: The skill can modify filesystem content via editing tools and perform git add and git commit operations.
    • Sanitization: The skill implements mandatory AskUserQuestion checkpoints for subjective changes, version bumps, and narrative updates, providing a human-in-the-loop validation mechanism for non-trivial modifications.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 7, 2026, 05:42 AM