create-changeset

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted data from the repository's git history.
  • Ingestion points: Steps 1, 2, and 3 involve reading git commit logs and diffs using git log and git diff to determine versioning logic.
  • Boundary markers: Absent. The skill instructions do not specify any delimiters or warnings to ignore instructions that might be embedded within commit messages.
  • Capability inventory: The skill has access to Bash(git:*), Bash(pnpm:*), Read, and Write tools, allowing it to modify the filesystem and commit changes.
  • Sanitization: Absent. There is no mechanism to filter or sanitize the content of commit messages before the agent interprets them to decide between 'major', 'minor', or 'patch' version bumps.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:28 PM