write-release-notes

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell scripts (fetch-release-data.sh and validate-release-notes.sh) to interact with the GitHub API and validate output length. These scripts use the gh CLI and standard utilities like jq and sed.
    • Evidence: bash .forge/skills/write-release-notes/scripts/fetch-release-data.sh <version>
    • Evidence: echo "<release notes>" | bash .forge/skills/write-release-notes/scripts/validate-release-notes.sh
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from GitHub release bodies and pull request metadata which could contain malicious instructions designed to influence the agent's output during the synthesis phase.
    • Ingestion points: The fetch-release-data.sh script retrieves release bodies and PR titles/descriptions via gh api and gh pr view.
    • Boundary markers: The instructions lack explicit delimiters or instructions to ignore embedded commands within the fetched PR data.
    • Capability inventory: The agent has access to shell execution (bash), GitHub CLI (gh), and basic text processing tools.
    • Sanitization: The fetch script strips ANSI color codes using sed, but there is no semantic sanitization of the PR content before it is processed by the LLM.
  • [SAFE]: The skill follows security best practices by not hardcoding credentials, using local authenticated CLI tools, and providing a validation script to ensure output constraints are met.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 10:28 PM