draft-release-notes

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands like 'git describe', 'git log', and 'git commit' to manage repository state and 'gh' to interact with GitHub metadata.
  • [EXTERNAL_DOWNLOADS]: Fetches pull request information and ticket context from well-known services including GitHub and Linear.
  • [PROMPT_INJECTION]: Potential surface for indirect prompt injection via untrusted data processing.
  • Ingestion points: Processes external PR titles and Linear ticket descriptions which can be controlled by third parties.
  • Boundary markers: The skill does not define explicit delimiters to isolate or wrap the ingested strings within the prompt.
  • Capability inventory: The agent has permissions to write to repo files (docs/releases/ and CHANGELOG.md) and execute 'git commit' and 'gh' commands.
  • Sanitization: Relies on natural language instructions for summarization rather than technical sanitization or validation of the fetched strings. Remediation: Wrap external content in delimiters and include explicit instructions for the agent to ignore embedded commands.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 03:08 PM
Security Audit — agent-trust-hub — draft-release-notes