update-changelog

The SKILL.md file provides step-by-step instructions for a human user to update a changelog. It outlines how to determine a baseline version using git describe --tags --abbrev=0 and how to find commits using git log <baseline-version>..HEAD. The skill then guides the user on how to manually update the changelog file. There are no executable code blocks intended for an AI agent, nor does the skill instruct the agent to perform any actions that could lead to security risks.

• Prompt Injection: No patterns indicative of prompt injection (e.g., 'IMPORTANT: Ignore', 'Override', 'jailbroken') were found.
• Data Exfiltration: The skill does not contain any network requests (curl, wget, fetch) or commands that access sensitive file paths for exfiltration.
• Obfuscation: No obfuscation techniques (Base64, zero-width characters, homoglyphs, URL/hex/HTML encoding) were detected.
• Unverifiable Dependencies: The skill relies on standard system tools (git) and does not instruct the installation of any external, unverified packages or dependencies.
• Privilege Escalation: No commands like sudo, chmod 777, or service installations are present.
• Persistence Mechanisms: There are no instructions to modify system configuration files, user profiles (.bashrc), or create scheduled tasks (crontab).
• Metadata Poisoning: The skill's name and description are benign and do not contain any malicious instructions.
• Indirect Prompt Injection: While git log output could contain arbitrary text, the skill's instructions are for human interpretation and manual editing, not for the agent to process in a way that would lead to indirect injection into an LLM. The risk is negligible.
• Time-Delayed / Conditional Attacks: No conditional logic based on dates, usage, or environment variables was found.

Overall, this skill is a safe, descriptive guide for a manual process.