release-changelog
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several local shell commands to perform its tasks. These are standard operations for a development-focused tool.
  - Evidence: Uses `ls` to check for file existence in SKILL.md Step 0.
  - Evidence: Uses `git tag`, `git log`, and `git diff` to analyze repository history and changes across various steps.
  - Evidence: Uses `gh pr list` and `gh api` to retrieve pull request and contributor metadata from GitHub in Step 2 and Step 5.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it ingests data from external contributors.
  - Ingestion points: Pull request bodies (via `gh pr list`), commit messages (via `git log`), and changeset files (`.changeset/*.md`).
  - Boundary markers: Not explicitly defined in the instructions to separate data from commands.
  - Capability inventory: Capability to read/write local markdown files and execute git/GitHub CLI commands.
  - Sanitization: The skill includes logic to filter bot accounts and emails, and Step 6 enforces a mandatory human review of the generated draft before it is used, which significantly mitigates the risk of executing or propagating malicious instructions hidden in metadata.
Audit Metadata