release-check
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE] (SAFE): The skill definition consists solely of markdown-based instructions and metadata. No executable scripts (Python, Node.js, Shell) or binary files are included in the analyzed content.
- [DATA_EXPOSURE] (SAFE): The skill targets standard project metadata files (e.g., package.json, README.md) for consistency checks. It does not attempt to access sensitive system paths, credentials, or personal data.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection because it ingests and processes content from untrusted external files. Evidence Chain: 1. Ingestion points: The skill reads
spec.md,plan.md,tasks.md,README.md,CHANGELOG.md, andpackage.json. 2. Boundary markers: No delimiters or instructions to ignore embedded commands are present in the logic. 3. Capability inventory: No dangerous operations like network access, file writing, or command execution are defined. 4. Sanitization: No escaping or validation of ingested file content is performed.
Audit Metadata