generate-release-notes
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill utilizes standard bash commands and the GitHub CLI (gh) to interact with the teambit/bit repository. These actions are necessary for the skill's primary function and do not exhibit malicious intent or privilege escalation.
- INDIRECT_PROMPT_INJECTION (LOW): The skill processes untrusted text from commit messages and pull request descriptions. Evidence: 1. Ingestion points: GitHub API (SKILL.md); 2. Boundary markers: None; 3. Capability inventory: Local file writing and API queries; 4. Sanitization: None. While this creates a potential surface for injection, the risk is minimal as the output is restricted to markdown documentation.