release-notes
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill executes git and gh (GitHub CLI) commands to retrieve tags, commit logs, pull requests, and issues. These commands are necessary for the skill's primary function and are performed within the local repository context.
- DATA_EXPOSURE (SAFE): The skill accesses project files such as package.json, .toml, and .env.example to detect configuration changes. It does not attempt to read sensitive private keys or system credentials.
- INDIRECT_PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because it ingests untrusted data from PR and Issue bodies. Evidence:
  1. Ingestion points: PR/Issue titles and bodies via gh commands.
  2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the collection logic.
  3. Capability inventory: Shell command execution (git, gh) and file system access.
  4. Sanitization: No sanitization of the external data is performed before it is processed by the agent.
  This is a common surface for summarization tasks and is mitigated by the skill's specific writing rules.
Audit Metadata