release-please-changelog
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the official release-please-action from the googleapis GitHub organization, which is a trusted and well-known source for development tools.
- [COMMAND_EXECUTION]: The skill performs file system inspection and modifications on standard repository configuration files such as package.json and GitHub workflows to set up release automation.
- [PROMPT_INJECTION]: The skill processes repository data like commit history, which represents a standard indirect prompt injection surface for changelog generators. 1. Ingestion points: Reads commit messages and PR titles from the repository (SKILL.md). 2. Boundary markers: Not explicitly defined. 3. Capability inventory: Modifies repository configuration and workflow files (SKILL.md). 4. Sanitization: Relies on the standard parsing logic of the release-please tool.
Audit Metadata