release-notes-generator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- No Executable Code Detected (SAFE): The skill consists exclusively of markdown documentation and YAML metadata; no scripts or executable payloads are included in the file.
- Indirect Prompt Injection Surface (LOW): The skill is designed to process untrusted external data such as git commit logs. While no specific exploit exists in this file, the use of Bash and Write tools provides an attack surface if the agent processes malicious commit messages without proper sanitization.
- Tool Permission Review (SAFE): The skill requests permissions for Bash and Grep, which are standard for the described DevOps release notes automation use case and are not used maliciously within the instructions provided.
Audit Metadata