summarize-changes
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions use the 'Bash' tool to run local git commands such as 'git status' and 'git diff --stat' to identify code changes. These operations are restricted to the local repository and align with the skill's core functionality.
- [PROMPT_INJECTION]: The skill uses structured tags and instructions to guide the agent in summarizing code. It includes a memory protocol that reads from local files in '.claude/context/memory/'. While reading local files is a potential surface for indirect injection, the risk is negligible as it involves the user's own development environment context.
- [EXTERNAL_DOWNLOADS]: The skill does not perform any network requests or download external content. All operations are conducted locally using existing tools.
- [REMOTE_CODE_EXECUTION]: There are no indicators of remote code execution. The Node.js script ('scripts/main.cjs') and hooks are simple wrappers for local logic without any dynamic code evaluation or remote fetching.
Audit Metadata