leather-changelog
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection. It processes data from potentially attacker-controlled external sources such as GitHub Pull Requests and Linear projects without specific safety delimiters. * Ingestion points: GitHub PRs, Linear projects, and user-provided feature descriptions. * Boundary markers: Absent. There are no instructions for the agent to ignore or delimit embedded instructions within the ingested data. * Capability inventory: The skill executes a local script (
scripts/sanity-changelog.js) which performs network operations via the Sanity CMS API. * Sanitization: Absent. No sanitization or validation steps are described for the external content before it is processed. - COMMAND_EXECUTION (LOW): The skill facilitates the execution of a local script (
scripts/sanity-changelog.js) to perform automated CMS updates. This requires the user to provide sensitive credentials like 'SANITY_API_TOKEN' and 'SANITY_PROJECT_ID' as environment variables.
Audit Metadata