draft-release-notes
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands like 'git describe', 'git log', and 'git commit' to manage repository state and 'gh' to interact with GitHub metadata.
- [EXTERNAL_DOWNLOADS]: Fetches pull request information and ticket context from well-known services including GitHub and Linear.
- [PROMPT_INJECTION]: Potential surface for indirect prompt injection via untrusted data processing.
- Ingestion points: Processes external PR titles and Linear ticket descriptions which can be controlled by third parties.
- Boundary markers: The skill does not define explicit delimiters to isolate or wrap the ingested strings within the prompt.
- Capability inventory: The agent has permissions to write to repo files (docs/releases/ and CHANGELOG.md) and execute 'git commit' and 'gh' commands.
- Sanitization: Relies on natural language instructions for summarization rather than technical sanitization or validation of the fetched strings. Remediation: Wrap external content in delimiters and include explicit instructions for the agent to ignore embedded commands.
Audit Metadata