create-draft-release-notes

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the gh (GitHub CLI) to perform repository operations, manage releases, and check authentication status. It also executes a local Node.js script (create-draft-release-notes.mjs) to reorganize release note content. These actions are legitimate and necessary for the skill's primary functionality.
  • [PROMPT_INJECTION]: The skill processes untrusted commit messages from the repository, which constitutes an indirect prompt injection surface.
  • Ingestion points: Release note content is retrieved from the repository using gh release view in SKILL.md (Step 7).
  • Boundary markers: No specific boundary markers or instructions to ignore embedded commands are included in the prompt-based workflow.
  • Capability inventory: The skill possesses the capability to edit GitHub releases (gh release edit) and execute local scripts.
  • Sanitization: While the formatting script reorganized items based on regex patterns, it does not explicitly sanitize or escape the content. However, the risk is significantly mitigated because the agent primarily passes data through a deterministic script without interpreting the content itself.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 01:31 PM
Security Audit — agent-trust-hub — create-draft-release-notes