release-notes
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses standard git commands to perform repository analysis and formatting, which is consistent with its stated purpose of generating release notes.
- [PROMPT_INJECTION]: Indirect Prompt Injection surface analysis: The skill processes external data from git commits and PR titles which could theoretically contain instructions.
- Ingestion points: Commit messages and PR titles retrieved from the git history (referenced in SKILL.md).
- Boundary markers: No explicit delimiters are specified to separate git content from the agent instructions.
- Capability inventory: The skill utilizes shell-based git commands (SKILL.md).
- Sanitization: No explicit sanitization or validation of the commit data is performed. This is a standard low-risk surface for tools that process user-provided project metadata.
Audit Metadata