Skills
NYC
skills/s-hiraoku/claude-code-harnesses-factory/changelog-interpreter/Gen Agent Trust Hub

changelog-interpreter

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOWSAFE
Full Analysis
  • Indirect Prompt Injection (INFO): The skill is designed to ingest and process untrusted data from changelogs and external web sources, creating a potential surface for indirect prompt injection.
  • Ingestion points: Processes the changelogs array from input and fetches content from external URLs via WebSearch and WebFetch.
  • Boundary markers: The instructions do not specify delimiters or boundary markers to isolate external content from the agent's instructions.
  • Capability inventory: The skill is limited to information retrieval and generating a user-friendly summary for display. It does not possess file-write, command execution, or data exfiltration capabilities.
  • Sanitization: No sanitization or content filtering is implemented for the retrieved data.
  • External Network Access (LOW): The skill performs network operations to gather feature details.
  • Source status: Targets are restricted to trusted official sources (anthropic.com and github.com), which downgrades the severity of the network operations per the [TRUST-SCOPE-RULE].
Audit Metadata
Risk Level
LOW
Analyzed
Feb 16, 2026, 01:36 PM