Skills
skills/phrazzld/claude-config/changelog-audit/Gen Agent Trust Hub

changelog-audit

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The command node -e "require('./.releaserc.js')" is used to validate the semantic-release configuration. This causes Node.js to execute the contents of .releaserc.js. If an attacker contributes a malicious configuration file to a repository, running this audit skill would result in arbitrary code execution on the auditor's system.
  • PROMPT_INJECTION (LOW): The skill exhibits an indirect prompt injection surface by ingesting untrusted data from external sources.
  • Ingestion points: The skill reads data from CHANGELOG.md, git log, and GitHub release bodies via gh release view.
  • Boundary markers: No delimiters or instructions to ignore embedded commands are present when processing this data.
  • Capability inventory: The agent has access to shell execution, file system reads, and GitHub CLI operations.
  • Sanitization: No sanitization or validation of the ingested text is performed before it is passed to the agent's context.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:25 PM