changelog

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection risk through ingestion of untrusted external data.
    • Ingestion points: The skill reads GitHub PR descriptions and linked issues via the gh cli tool.
    • Boundary markers: There are no specified delimiters or warnings to ignore instructions embedded in the PR data.
    • Capability inventory: The skill uses gh cli for reading and potentially curl for network output to Discord.
    • Sanitization: No sanitization or escaping of the ingested PR content is performed before generating the report.
  • [DATA_EXFILTRATION] (LOW): The skill instructions explicitly encourage the inclusion of potentially sensitive deployment data in the final output.
    • Evidence: The "Deployment Notes" section asks the agent to include "Database migrations required" and "Environment variable updates needed".
    • Risk: If these notes contain actual secrets or sensitive schema details, they are sent to an external Discord webhook.
  • [COMMAND_EXECUTION] (LOW): The skill provides a shell script template using curl to post data to an external Discord webhook.
    • Evidence: The "Discord Posting" section contains a code block with a curl command that interpolates the {{CHANGELOG}} variable.
    • Risk: If the agent executes this command using a shell, an attacker-controlled PR description could attempt to break out of the JSON payload and execute arbitrary commands or leak environment variables via shell injection.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 04:10 PM