create-release
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted PR titles and descriptions.
- Ingestion points: The `list_repo_pulls` tool is used in Step 3 to fetch PR data from the repository (SKILL.md).
- Boundary markers: Step 5 mandates showing the generated changelog to the user for explicit confirmation before any release is created (SKILL.md).
- Capability inventory: The skill utilizes `list_releases`, `list_repo_pulls`, and `create_release` (SKILL.md).
- Sanitization: The agent is instructed to rephrase non-semantic titles during changelog generation to preserve intent and structure (SKILL.md).
Audit Metadata