breaking-change-detector
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill exposes a potential surface for indirect prompt injection because it processes untrusted API specifications as input to its analysis logic.
  - Ingestion points: Processes user-provided Version A and Version B specifications for diff analysis in the SKILL.md protocol.
  - Boundary markers: No delimiters or instructions are specified to isolate the content of the API specifications from the agent's core instructions.
  - Capability inventory: The skill specifies the capability to write markdown and JSON reports to the docs/api-report/ directory.
  - Sanitization: No specific sanitization, validation, or escaping of the input specification content is defined before the analysis or report generation.
- [NO_CODE]: The skill does not contain any executable scripts, binary files, or external dependencies, operating entirely through instructions and configuration files.
Audit Metadata