changeset
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute
yarn changeset, which is a standard industry tool used for managing versioning and changelogs in Node.js environments. This is a legitimate operation for the skill's stated purpose.- [DATA_EXPOSURE]: The skill performs read and write operations on repository files, including source code, documentation indocs/, and blog posts inwebsite/blog/. These actions are necessary for identifying API changes and keeping project documentation synchronized.- [PROMPT_INJECTION]: The skill includes instructions to process external data (code diffs and PR templates). While this presents a surface for indirect prompt injection, the risk is minimal as the instructions focus on structured data extraction and formatting for developer tools.- [SAFE]: No obfuscation, hardcoded credentials, or unauthorized network communications were detected. The skill's behavior is consistent with its description as a developer utility for managing releases.
Audit Metadata