change-walkthrough
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill executes `npm install` in its base directory to download the `marked`, `marked-highlight`, and `highlight.js` packages from the official NPM registry. These are well-known, standard libraries used for markdown parsing and syntax highlighting.
- [COMMAND_EXECUTION]: The skill uses shell commands to perform its core functions, including `git diff` to retrieve repository changes, `npm install` for dependency setup, and the system's `open` command to display the generated HTML walkthrough.
- [DATA_EXPOSURE]: The skill accesses local git history and diffs to generate documentation. All generated markdown and HTML files are stored within the skill's own `tmp` directory on the local filesystem. No network exfiltration of this data was observed.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: The skill reads untrusted data from `git diff` output (SKILL.md Step 2).
  - Boundary markers: The collected data is interpolated into markdown files using code block delimiters.
  - Capability inventory: The skill can install npm packages, write files to its own directory, and open the system browser.
  - Sanitization: Content is processed through the `marked` library in `scripts/md-to-html.js` for HTML conversion, which provides standard parsing of markdown elements.
Audit Metadata