release-notes
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill reads and processes external data from git commit logs and GitHub PR/issue metadata which could contain adversarial instructions.
- Evidence:
  - Ingestion points: Output from git log and the gh CLI (SKILL.md steps 2 and 3).
  - Boundary markers: Absent; the agent is not instructed to treat the gathered text as untrusted.
  - Capability inventory: Local file system writes (RELEASE_NOTES.md) and shell command execution via git and gh (SKILL.md).
  - Sanitization: Absent; the skill relies on the LLM to categorize raw text from external sources.
Audit Metadata