Skills
skills/robertalvv/productivity-skills/release-notes-generator/Gen Agent Trust Hub

release-notes-generator

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local git commands (git log, git tag, git diff) and system utilities (cat, grep) to retrieve version history and project metadata. It includes a validation step in SKILL.md (Step 2) to ensure that git tags exist in the repository before they are passed as arguments to other commands, which prevents errors and reduces the risk from malformed inputs.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it processes untrusted data from git commit messages and project documentation.
  • Ingestion points: git log output, PR descriptions, and the CHANGELOG.md file as specified in SKILL.md (Step 3).
  • Boundary markers: There are no explicit markers or instructions to the agent to ignore instructions embedded within the commit data.
  • Capability inventory: The skill can execute local shell commands (git, cat) and write the generated release notes to a file (Step 8).
  • Sanitization: The skill relies on the AI's instructional guidelines to filter technical content and transform it into stakeholder-friendly narrative, but it does not perform explicit sanitization of the input strings.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 07:59 PM