releasenotes
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill processes git commit history and pull request data (SKILL.md, steps 2-3). These are external, untrusted inputs that could contain malicious instructions designed to influence the agent's behavior during changelog generation. Mandatory Evidence: 1. Ingestion points: git history and pull request titles/descriptions via git commands. 2. Boundary markers: Absent; there are no instructions to the agent to ignore commands within the retrieved data. 3. Capability inventory: Execution of git commands (SKILL.md, step 1). 4. Sanitization: Absent; the skill does not specify any filtering or escaping of the retrieved content.
- [COMMAND_EXECUTION]: The skill requires the agent to execute local git commands such as 'git tag --sort=-creatordate' to retrieve repository metadata. This behavior is expected and necessary for the skill's primary function.
- [NO_CODE]: The skill is composed entirely of natural language instructions in Markdown format and does not provide any scripts, binaries, or other executable files.
Audit Metadata