release
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted content from the repository's commit history and pull requests to automate release planning and note generation.
- Ingestion points: The skill reads commit messages via
git logand pull request metadata (titles, authors) viagh pr list. - Boundary markers: There are no explicit instructions or delimiters defined to isolate untrusted commit/PR data from the agent's internal instructions during the note generation phase.
- Capability inventory: The skill has write access to the repository, including the ability to
git tag,git push, and create GitHub releases viagh release create. - Sanitization: No specific sanitization or filtering of commit messages is mentioned before they are processed by the LLM into patch notes.
- [COMMAND_EXECUTION]: The skill relies extensively on shell command execution to perform its tasks. It uses
git,gh(GitHub CLI), andjqfor repository management, API interaction, and data parsing. These operations are consistent with the skill's stated purpose of orchestrating releases.
Audit Metadata