changelog-scan
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches documentation and changelog data from code.claude.com, which is the official documentation domain for Claude Code.
- [COMMAND_EXECUTION]: The workflow in SKILL.md specifies the execution of scripts/fetch-changelog.sh. This script file is not included in the skill package, which prevents inspection of its specific logic.
- [PROMPT_INJECTION]: The skill processes external documentation content, which presents an indirect prompt injection risk.
  - Ingestion points: Documentation URLs listed in references/sources.md, such as code.claude.com/docs/en/changelog.md.
  - Boundary markers: There are no explicit delimiters or instructions to ignore instructions embedded within the fetched content.
  - Capability inventory: The skill performs shell script execution and writes state information to the local file system at ~/.claude/logs/.
  - Sanitization: No data validation or sanitization of the fetched external content is described.
Audit Metadata