release-changelog
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE (findings: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill analyzes external data from git commits, pull requests, and changeset files. This ingestion of untrusted content presents a risk of indirect prompt injection.
- Ingestion points: Git commit history, PR titles and descriptions via GitHub CLI, and local changeset files.
- Boundary markers: No specific delimiters or instructions are provided to the agent to treat this ingested data as untrusted or to ignore embedded commands.
- Capability inventory: The skill is authorized to write markdown files to the releases/ directory and perform various shell commands.
- Sanitization: No explicit validation or sanitization of external text is performed before it is processed by the agent.
- [COMMAND_EXECUTION]: Uses local shell utilities like git, gh, and rg, as well as a project script ./scripts/release.sh. These commands are standard for the skill's intended release management workflow and do not involve unauthorized privilege escalation.
Audit Metadata