asc-whats-new-writer
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes git describe and git log to automatically extract commit history for release note generation.
- [COMMAND_EXECUTION]: It utilizes the asc CLI tool (a vendor resource from rudrankriyam) to download existing metadata and upload new versions. This capability is gated by a mandatory Phase 4 approval step.
- [PROMPT_INJECTION]: The skill processes untrusted data from git logs and user inputs (SKILL.md, Phase 1). Boundary markers are absent in the prompt construction. Capability inventory includes shell execution of git and the asc tool (SKILL.md, Phase 3 and 4). While formal sanitization is not specified, the risk of indirect prompt injection is mitigated by the mandatory manual review and approval process before any generated content is uploaded.