changelog
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Prompt Injection (LOW): Indirect Prompt Injection Surface. The skill implements a pipeline where an LLM synthesizes release notes from git commit messages and updates GitHub Releases.
  - Ingestion points: Commit messages extracted via `git log` and responses from the OpenRouter/Gemini API.
  - Boundary markers: Absent. The instructions do not mandate the use of delimiters or 'ignore embedded instructions' markers when passing commit history to the LLM.
  - Capability inventory: The generated `synthesize-release-notes.mjs` script possesses the capability to write to the GitHub repository's releases using `GITHUB_TOKEN` permissions.
  - Sanitization: Absent. There is no requirement to sanitize or filter commit messages before processing, potentially allowing a malicious commit to influence the release notes content.
- Command Execution (LOW): The skill generates a custom script (`synthesize-release-notes.mjs`) and configures GitHub Actions to execute it. While the script's purpose is functional, the dynamic generation and execution of code in CI/CD environments is a surface that requires careful agent implementation.
- External Downloads (SAFE): The skill utilizes standard, reputable Node.js packages (e.g., `semantic-release`, `commitlint`) from the public npm registry. No untrusted or obfuscated external sources were identified.
- Credentials Unsafe (SAFE): The skill follows best practices by instructing the user to store API keys and tokens (like `GEMINI_API_KEY` and `GITHUB_TOKEN`) in GitHub Secrets rather than hardcoding them in scripts or workflows.
Audit Metadata