ce-changelog
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
gh(GitHub) CLI to fetch pull request and issue details from a repository. - [DATA_EXFILTRATION]: The skill provides instructions for optionally sending the generated changelog to a Discord webhook using
curl. Discord is recognized as a well-known service. - [INDIRECT_PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted content from external sources (GitHub PR descriptions, labels, and issue context) which are then processed by the agent to generate the changelog.
- Ingestion points: Pull request descriptions, labels, and linked issue context retrieved via the GitHub CLI.
- Boundary markers: None present; the agent is instructed to analyze provided changes without explicit delimiters or instructions to ignore embedded commands.
- Capability inventory: Subprocess calls for
ghandcurlcommands. - Sanitization: No evidence of sanitization or validation of the fetched PR content before processing.
Audit Metadata