release-notes
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local git commands (git tag, git log, git diff) to retrieve metadata about the repository history. These commands are standard for release note generation and operate within the local project context.\n- [PROMPT_INJECTION]: The skill processes commit messages and file differences, which are external inputs that could contain indirect prompt injection content.\n- Ingestion points: Git commit messages and diff data are read in SKILL.md via workflow steps 1 and 2.\n- Boundary markers: Absent; the instructions do not specify delimiters for commit content.\n- Capability inventory: The agent capability in this context is limited to generating a Markdown summary of the changes.\n- Sanitization: None; the skill assumes commit messages are purely informational.
Audit Metadata