parsing-changelogs

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests and processes untrusted data from external changelog feeds and websites, creating an indirect prompt injection surface where malicious instructions in the source material could attempt to influence the agent.\n
  • Ingestion points: The skill fetches content from URLs defined in source metadata (feedUrl, markdownUrl) and link patterns detected during crawl mode as described in SKILL.md.\n
  • Boundary markers: The skill mentions parseInstructions for the primary extraction task, but lacks explicit boundary markers or 'ignore' instructions for the subagent content assessment prompts.\n
  • Capability inventory: The agent has access to tools for web fetching, updating source metadata (manage_source, releases admin source update), and modifying organization playbooks.\n
  • Sanitization: No explicit sanitization or validation of external content is specified before the data is processed by the AI.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 11:19 PM
Security Audit — agent-trust-hub — parsing-changelogs