changelog-writer
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill identifies a surface for indirect prompt injection due to its processing of untrusted external data.\n
- Ingestion points: Untrusted data enters the agent context via PR numbers, URLs, and manual change lists as specified in the workflow section of SKILL.md.\n
- Boundary markers: The workflow uses structured templates and frontmatter but lacks specific delimiters or instructions to ignore commands that might be embedded in the source PR descriptions or external URLs.\n
- Capability inventory: The skill has access to file system tools (Read, Grep, Glob, Write, Edit) and a specific publishing tool (/publish_changelog), which could be targets for manipulation if an injection is successful.\n
- Sanitization: There is no explicit requirement for the agent to sanitize or escape the content retrieved from external sources before it is drafted into the final changelog.
Audit Metadata