changesets
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses git and gh tools to collect branch and PR information, which is appropriate for its stated purpose of managing changesets.
- [SAFE]: It implements manual "stop-and-ask" checkpoints for potentially high-impact actions, such as major version bumps or handling ambiguous commit histories, providing a human-in-the-loop security control.
- [SAFE]: The skill explicitly forbids high-risk operations like 'git push' or PR modifications, instructing the agent to hand off these tasks to specialized tools instead, which enforces the principle of least privilege.
- [PROMPT_INJECTION]: The skill ingests PR titles and commit messages to generate summaries, creating a surface for indirect prompt injection. However, the risk is assessed as safe due to the restricted output format (markdown files) and the requirement for subsequent human review in the development pipeline.
  - Ingestion points: gh pr view (title, body) and git log (commit subjects)
  - Boundary markers: None
  - Capability inventory: Write tool for changeset files and git commit for staging
  - Sanitization: None
Audit Metadata