release-sync
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from local project files and passes it to external tools without proper isolation or sanitization.
- Ingestion points: Content is read from local files `CHANGELOG.md`, `CLAUDE.md`, and `src/hooks/README.md` in Step 1.
- Boundary markers: No delimiters or specific instructions are provided to help the agent distinguish between the data being processed and potential instructions embedded within those files.
- Capability inventory: The skill uses `mcp__notebooklm-mcp__source_add` and `mcp__hq-content__knowledge_ingest` to transmit data to external services.
- Sanitization: No sanitization or validation of the file content is performed before it is included in the release digest and uploaded via MCP tools.
Audit Metadata