changelog-automation
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references several industry-standard tools and libraries from trusted sources, including NPM packages like 'conventional-changelog-cli', 'standard-version', and 'semantic-release', as well as Python packages like 'bump2version' and 'commitizen'. It also utilizes well-known GitHub Actions from the 'actions' and 'googleapis' organizations. These references are standard for release automation workflows.
- [COMMAND_EXECUTION]: The skill provides numerous examples for using development CLI tools such as 'git', 'gh', 'npm', and 'pip'. These commands are focused on repository management, versioning, and publishing workflows, which are consistent with the skill's stated purpose.
- [DATA_EXFILTRATION]: No evidence of unauthorized data exfiltration or hardcoded credentials was found. References to repository secrets in GitHub Actions snippets (e.g., GITHUB_TOKEN, NPM_TOKEN) follow standard security practices for environment variable interpolation.
- [PROMPT_INJECTION]: No patterns of role-play instructions, safety bypasses, or malicious overrides were detected in the skill instructions or metadata.