changelog
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill identifies a surface for indirect prompt injection because it reads existing markdown/MDX files and uncommitted changes to guide its output generation. Ingestion points: Reads files from
src/content/changelog/and uncommitted or staged.mdand.mdxfiles. Boundary markers: Absent; there are no specific delimiters used to separate ingested file content from the agent's instructions. Capability inventory: The skill performs file-write operations within thesrc/content/changelog/directory. Sanitization: No sanitization or filtering logic is defined for the content read from the filesystem.
Audit Metadata