delivery-reporting
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from Git repositories which creates an indirect prompt injection surface. Malicious instructions embedded in README files or PR descriptions could influence sub-agent behavior. -- Ingestion points: Git README files, PR titles/descriptions, and code diffs (SKILL.md). -- Boundary markers: Absent in sub-agent prompts. -- Capability inventory: Git and GitHub CLI execution, filesystem writes, and sub-agent dispatching (SKILL.md). -- Sanitization: Not specified for data interpolated into prompts.
- [COMMAND_EXECUTION]: The skill executes shell commands to interact with local and remote repositories. -- Evidence: git fetch, git tag, gh release list, gh pr list, git log, and git branch.
- [EXTERNAL_DOWNLOADS]: The skill fetches metadata and code from GitHub repositories. -- Evidence: Uses git fetch and gh CLI to retrieve data from external sources.
Audit Metadata