product-changelog
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the 'belt' CLI tool to run various containerized applications ('infsh/agent-browser', 'infsh/stitch-images', etc.) for creating visual assets. These commands are consistent with the skill's primary function.
- [EXTERNAL_DOWNLOADS]: Contains references to the vendor's official documentation and installation scripts located on GitHub for the 'belt' CLI and related skills.
- [PROMPT_INJECTION]: As the skill is intended to summarize external project data like commit messages and PR descriptions, it possesses an indirect prompt injection surface. However, this is a standard risk for summarization tasks and is mitigated by the platform's execution guardrails.
Audit Metadata