release-changelog
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes several standard command-line tools (git, ls, grep, rg, and the GitHub CLI gh) to extract version tags, commit history, and pull request metadata. These operations are performed in a read-only manner to gather data for documentation purposes.
- [PROMPT_INJECTION]: The skill is subject to an indirect prompt injection surface through the ingestion of external data. Ingestion points: Untrusted text from git commit messages and pull request bodies is read into the agent context. Boundary markers: The skill does not define clear delimiters or isolation instructions for content read from external sources. Capability inventory: The agent is limited to reading metadata and generating a local markdown draft; it lacks capabilities for automated write operations, code execution, or network exfiltration. Sanitization: No sanitization or validation of the pull request text is performed before it is processed by the AI.
Audit Metadata