add-announcement
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill provides a surface for indirect prompt injection by ingesting user-provided data to modify a configuration file that controls UI elements.
  - Ingestion points: The skill uses the `Edit` tool to modify `web/oss/src/components/SidebarBanners/data/changelog.json` with user-provided titles and descriptions.
  - Boundary markers: The skill documentation includes a mitigation note: 'Don't add custom HTML/styling in description - it's rendered as plain text.'
  - Capability inventory: The skill is authorized to use `Read`, `Edit`, `Grep`, and `Glob` tools to perform file system operations.
  - Sanitization: The skill relies on manual adherence to the 'plain text' instruction and the underlying UI's rendering logic.
- [SAFE] (SAFE): No patterns of data exfiltration, hardcoded credentials, obfuscation, or unauthorized command execution were detected. The skill uses standard developer tools for its intended purpose of repository maintenance.
Audit Metadata