changelog-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
- INDIRECT_PROMPT_INJECTION (LOW): The skill documentation identifies a pattern where untrusted data (commit messages and changeset descriptions) is ingested and processed by an LLM for 'synthesis' into user-friendly release notes. \n
- Ingestion points: Git commit messages and changeset markdown files as described in references/semantic-release.md and references/changesets.md. \n
- Boundary markers: No specific delimiters or instructions to ignore embedded commands are provided in the synthesis examples. \n
- Capability inventory: The release workflow includes automatic publishing to NPM and Git push/tag operations. \n
- Sanitization: No sanitization or validation of input data is mentioned for the LLM synthesis step.\n- EXTERNAL_DOWNLOADS (LOW): The skill recommends installing various NPM packages and using GitHub Actions. These are from trusted sources (semantic-release, changesets, commitlint, and official GitHub actions), which downgrades the severity per [TRUST-SCOPE-RULE].\n- CREDENTIALS_UNSAFE (SAFE): Examples for CI/CD workflows correctly demonstrate the use of environment secrets (GITHUB_TOKEN, NPM_TOKEN) rather than hardcoding credentials.\n- NO_CODE (SAFE): The skill consists exclusively of documentation, configuration templates, and markdown files. No custom executable scripts or binary files are provided.
Audit Metadata