changelog-review

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses WebFetch to retrieve the changelog from https://raw.githubusercontent.com/anthropics/claude-code/main/CHANGELOG.md. This is a trusted source belonging to a well-known organization (Anthropic). The content is fetched for analysis purposes and is not executed.
  • [COMMAND_EXECUTION]: The skill utilizes basic Bash commands like cat and jq to read and parse the local state file .claude-code-version-check.json. These operations are limited to local configuration management and do not pose a security risk.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external data (the changelog). While this constitutes an attack surface, the source is a trusted repository, and the skill's purpose is to summarize and categorize the information for a human reviewer. This is considered low risk and within standard agent operational parameters.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 27, 2026, 07:05 PM