changelog-setup
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [Prompt Injection] (LOW): The skill implements an LLM-based workflow to synthesize release notes from git commit history, creating an indirect prompt injection surface. -- Ingestion points: The synthesis process (referenced in
scripts/synthesize-release-notes.mjs) consumes git commit messages which are untrusted external data. -- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided configuration templates. -- Capability inventory: The setup includes GitHub Actions workflows with permissions to write contents, issues, and pull requests. -- Sanitization: The configuration does not specify sanitization or escaping of commit messages before they are processed by the LLM. - [External Downloads] (LOW): The skill installs multiple npm packages (e.g.,
semantic-release,commitlint,lefthook). While these are well-known development tools, they are downloaded from the public registry without pinned versions. The severity is LOW as these actions are central to the skill's primary purpose. - [Command Execution] (SAFE): The skill performs transparent setup tasks, including creating configuration files, installing git hooks, and managing GitHub secrets via the official CLI. These operations are appropriate for the tool's functionality.
Audit Metadata