release-prep
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted data from the repository (commit messages, documentation, code) to generate artifacts like changelogs and release notes. This data could contain malicious instructions designed to influence the agent's behavior during the release process.
- Ingestion points: Git commit history for changelog generation, package files (package.json) for versioning, and general codebase content for API documentation updates (referenced in references/prepare-release.md).
- Boundary markers: Absent. The delegation prompts for subagents (general-purpose, code-reviewer, etc.) do not use delimiters or explicit 'ignore embedded instructions' warnings when processing repo data.
- Capability inventory: The skill utilizes the 'Task' tool to delegate to specialized subagents and coordination with 'Bash' for build/Git operations and 'Read/Write' for file system modifications (referenced in references/prepare-release.md).
- Sanitization: No sanitization or validation of the ingested commit messages or file content is specified before interpolation into subagent prompts.
Audit Metadata