changelog-page

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • PROMPT_INJECTION (LOW): Indirect Prompt Injection surface (Category 8) detected in the generated React components.
      • Ingestion points: Untrusted release data is fetched from the GitHub Releases API (release.body) in lib/github-releases.ts.
      • Boundary markers: Absent. There are no delimiters or instructions to treat the fetched content as untrusted, increasing the risk of the LLM or browser interpreting malicious payloads.
      • Capability inventory: The generated application uses dangerouslySetInnerHTML in app/changelog/page.tsx to render markdown, which allows for script execution in the user's browser context.
      • Sanitization: Incomplete. The parseMarkdown function in references/changelog-page-component.md escapes basic characters (<, >) but fails to sanitize the href attribute in links, allowing javascript: URI injection.
  • EXTERNAL_DOWNLOADS (LOW): The skill references the installation of external dependencies marked and @tailwindcss/typography via pnpm. These are well-known packages from the standard NPM registry.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:25 PM