changelog-writer
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests data from external sources that could contain malicious instructions.
  - Ingestion points: The workflow in SKILL.md requires gathering input from PR numbers and external URLs.
  - Boundary markers: There are no instructions in the skill to wrap external content in delimiters or use specific markers to separate data from instructions.
  - Capability inventory: The allowed-tools configuration in SKILL.md permits Read, Grep, Glob, Write, and Edit operations on the file system.
  - Sanitization: The skill does not define any sanitization or validation logic for the gathered external data.
Audit Metadata