release-notes
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted data from git commits and external documentation files. If these inputs contain malicious instructions, they could influence the agent during the release note generation or transformation process.\n
- Ingestion points: Git commits processed by
parse-commits.cjsand feature documentation accessed via the--sourceparameter inREADME.md.\n - Boundary markers: No explicit boundary markers or instruction-ignore delimiters are defined in the provided workflow.\n
- Capability inventory: The skill uses
Bashto execute scripts and hasReadandWriteaccess to the filesystem (e.g.,docs/release-notes/).\n - Sanitization: No evidence of input sanitization or content validation is provided in the skill definitions.\n- [Command Execution] (SAFE): The skill executes local Node.js scripts (
.cjs) to perform its functions. These scripts are part of the skill's library and do not represent arbitrary remote code execution.\n- [Credential Safety] (SAFE): The mention ofANTHROPIC_API_KEYinreferences/release-pipeline.mduses a placeholder value (your-api-key), which is a safe way to document configuration requirements.
Audit Metadata