release-planner
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows a structured and transparent workflow for release planning without any evidence of malicious intent or unauthorized actions.
- [DATA_EXPOSURE]: The skill reads project-specific documentation files (e.g.,
product.md,tech.md) to gather context. This is consistent with its stated purpose of release planning and does not involve accessing sensitive system files or credentials. - [COMMAND_EXECUTION]: External operations such as creating JIRA epics and Confluence pages are performed via specific MCP tools. A critical 'Gate' is implemented in Step 5, ensuring the agent must obtain explicit user approval before any external write operations occur.
- [INDIRECT_PROMPT_INJECTION]: The skill processes potentially untrusted data from steering documents. While it lacks explicit boundary markers for these inputs, the risk is mitigated by the structured extraction process (targeting specific fields like 'Name' and 'T-shirt size') and the final human-approval checkpoint before any external state change.
Audit Metadata