claude-changelog
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches release information and changelog files from Anthropic's official GitHub repository (anthropics/claude-code). These references target a trusted organization and are documented neutrally as safe.
- [COMMAND_EXECUTION]: Employs the 'gh' CLI and 'curl' to retrieve data from the GitHub API and raw content servers. These commands are used for legitimate data retrieval for the skill's primary purpose.
- [PROMPT_INJECTION]: The skill processes external text from release notes, creating a surface for potential indirect prompt injection.
  - Ingestion points: Data is fetched from the 'anthropics/claude-code' releases using the GitHub API or curl.
  - Boundary markers: No explicit delimiters are used when processing the release body.
  - Capability inventory: Uses Bash to perform network requests and write a markdown file to the local directory.
  - Sanitization: No explicit filtering or sanitization of the external content is performed.
  - Assessment: Since the data source is the official repository of a trusted vendor, the risk is negligible.
Audit Metadata