update-changelog
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill creates a surface for indirect prompt injection by reading untrusted content from changelog and metadata files. Evidence: 1. Ingestion points: changelog.md and SKILL.md. 2. Boundary markers: No delimiters or instructions to ignore embedded commands within the files are provided. 3. Capability inventory: The agent is instructed to read and write to the local file system. 4. Sanitization: No input validation or escaping of the ingested content is performed.
- [No Code] (SAFE): The skill consists entirely of markdown instructions and does not include any executable scripts, binaries, or package dependencies.
Audit Metadata