create-changelog
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Executes standard local shell commands (git and gh) to retrieve repository tags and release history. These are legitimate, low-risk operations used for their intended purpose of metadata collection.
- [DATA_EXFILTRATION]: Accesses public-facing repository information such as commit messages and release notes. No sensitive local files, credentials, or environment variables are accessed or transmitted externally.
- [PROMPT_INJECTION]: Processes external content from git logs and release bodies. While this technically creates a surface for indirect prompt injection, the risk is mitigated by the skill's limited scope (writing a markdown file) and the fact that these sources are typically under the control of the repository's own developers.
Audit Metadata