release-sync

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE | DATA_EXFILTRATION | COMMAND_EXECUTION | PROMPT_INJECTION

Full Analysis
  • [DATA_EXFILTRATION]: The skill reads content from local documentation files including CHANGELOG.md, CLAUDE.md, and src/hooks/README.md. This data is then transmitted to external services using mcp__notebooklm-mcp__source_add and mcp__hq-content__knowledge_ingest. This behavior is the intended primary purpose of the skill for syncing release info to external platforms like Google's NotebookLM.
  • [COMMAND_EXECUTION]: The skill utilizes Model Context Protocol (MCP) tools to interact with external knowledge systems and potentially generate audio artifacts. These tools are searched for and executed based on the user's configured MCP environment.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it processes data from local files that could be influenced by external contributors.
      • Ingestion points: Reads content from project files such as CHANGELOG.md and src/hooks/README.md (SKILL.md).
      • Boundary markers: Absent; the skill does not wrap the read content in protective delimiters or provide instructions to ignore embedded commands.
      • Capability inventory: Includes the ability to write to external knowledge bases and trigger studio creation via MCP tools.
      • Sanitization: No explicit sanitization or validation of the ingested text is performed before it is sent to external tools.
  • [SAFE]: No signs of obfuscation, direct prompt injection, persistence mechanisms, or unauthorized privilege escalation were found. The use of a dedicated configuration file for managing service identifiers follows standard development practices.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 15, 2026, 12:23 PM