changelog-interpreter
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill explicitly requires running WebSearch with unrestricted queries (e.g., "Claude Code {version} release notes" / "Claude Code new features {version}") and WebFetch of public sites including GitHub Releases (https://github.com/anthropics/claude-code/releases), meaning the agent will ingest open/public third-party content that could be user-generated or untrusted.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly requires using WebSearch/WebFetch at runtime to retrieve and inject content from official sources—e.g. https://docs.anthropic.com/en/docs/claude-code, https://www.anthropic.com/news, and https://github.com/anthropics/claude-code/releases—which will directly control the agent's generated prompts/summaries.