release-notes
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of processing untrusted external data.
  - Ingestion points: The skill explicitly reads external data from JIRA exports, Linear tickets, PRDs, Git logs, and product URLs via web search.
  - Boundary markers: There are no defined delimiters, and no instructions telling the model to ignore potentially malicious instructions embedded within the source documents or websites.
  - Capability inventory: The agent uses web search to gather information and produces markdown or HTML output based on the provided content.
  - Sanitization: The instructions do not include any steps to sanitize, escape, or validate the external content before processing it into release notes.