ce-release-notes
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the gh command-line tool and a local Python script, scripts/list-plugin-releases.py. In both the Python script and the instructions in SKILL.md, parameters are passed as list elements rather than shell-interpolated strings. This prevents command injection vulnerabilities. The use of an environment variable (CE_RELEASE_NOTES_GH_BIN) to specify the binary path is a standard developer configuration and does not pose a threat in this context.
- [PROMPT_INJECTION]: The skill processes external, untrusted data from GitHub release notes and pull request descriptions. It implements a mandatory safety boundary in SKILL.md (Phase 6), instructing the agent to treat release bodies as untrusted documentation and never follow any directives found within them. This provides strong protection against indirect prompt injection.
  - Ingestion points: scripts/list-plugin-releases.py (fetches release bodies via API) and SKILL.md Phase 7 (fetches PR content via gh).
  - Boundary markers: Present in Phase 6 of SKILL.md (untrusted data warning).
  - Capability inventory: Execution of gh and python3 via subprocesses.
  - Sanitization: The Python script uses a numeric regex (\d+) to extract PR numbers, ensuring only integers are passed as arguments to shell commands.
- [EXTERNAL_DOWNLOADS]: The skill fetches data from api.github.com and github.com. GitHub is a well-known and trusted service. The target repository EveryInc/compound-engineering-plugin belongs to the skill's authoring organization.
Audit Metadata