changelog-maintenance
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from merged pull requests, commit messages, and issue trackers to generate documentation.
- Ingestion points: Git commit history, PR summaries, and issue descriptions (referenced in SKILL.md and references/automation-and-source-of-truth.md).
- Boundary markers: Absent. There are no explicit instructions for the agent to ignore or delimit instructions found within the source data (e.g., commit messages containing malicious instructions).
- Capability inventory: The skill uses Read, Write, Edit, Glob, and Grep tools, allowing it to modify files in the repository based on its interpretation of external data.
- Sanitization: Absent. The instructions do not include steps to sanitize or escape content from external sources before processing it.
- [EXTERNAL_DOWNLOADS]: Fetches and references configuration and best practices from well-known services and trusted organizations.
- Evidence: References release-please from the googleapis GitHub repository, which is a well-known service.
- Evidence: References standard industry practices from Steamworks and Keep a Changelog.
Audit Metadata