write
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute the GitHub CLI command
gh release viewto fetch repository release notes. This is used as a legitimate style reference to ensure the generated text matches existing project conventions. No sensitive information is accessed or transmitted. - [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it processes untrusted text from users and external GitHub release bodies. While no malicious payload was identified, the design lacks explicit delimiters or instructions to ignore embedded commands within the source text.
- Ingestion points: User-provided prose for editing and external release note content retrieved via the
ghtool. - Boundary markers: Absent. The instructions do not define strict boundaries or warn the agent to ignore instructions within the processed text.
- Capability inventory: Extensive prose rewriting and formatting rules defined in
SKILL.md,references/write-en.md, andreferences/write-zh.md. - Sanitization: None detected; the agent is expected to focus on the stylistic properties of the input text.
Audit Metadata