product-changelog

Warn

Audited by Socket on Apr 23, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS: the stated purpose is mostly consistent with writing release notes and generating visuals, but the skill is overextended by broad bash access, dependency on an external CLI with imperfect install/provenance clarity, remote URL-processing apps, and transitive skill installation instructions. This looks more like a platform-onboarding skill than a narrowly scoped changelog helper, so risk is medium rather than benign.

Confidence: 84%
Severity: 63%
Audit Metadata

Analyzed At: Apr 23, 2026, 10:14 PM
Package URL: pkg:socket/skills-sh/infsh-skills%2Fskills%2Fproduct-changelog%2F@6e85cf484d18ee4764d7e369cb71a07ecefec089