release-post
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill references and executes a local R script ('scripts/get_contributors.R') which is not provided in the skill package, making its internal logic unverifiable. It also calls R functions like 'hugodown::hugo_start()' to manage blog posts, which is standard for the skill's domain. \n- [EXTERNAL_DOWNLOADS] (LOW): The skill recommends installing R packages from 'r-lib/hugodown' and using 'usethis' to fetch GitHub metadata. While these sources (r-lib, tidyverse) are reputable in the R ecosystem, they are not on the strictly defined trusted sources list. \n- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection as it transforms content from external 'NEWS.md' or 'CHANGELOG' files into blog posts. \n
- Ingestion points: 'NEWS.md' and 'CHANGELOG' files. \n
- Boundary markers: None identified to delineate or ignore embedded instructions. \n
- Capability inventory: Shell command execution via 'Rscript' and file writing via 'hugodown'. \n
- Sanitization: Content transformation relies on the LLM without explicit sanitization or validation steps.
Audit Metadata