parsing-changelogs
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests and processes untrusted data from external changelog feeds and websites, creating an indirect prompt injection surface where malicious instructions in the source material could attempt to influence the agent.\n
- Ingestion points: The skill fetches content from URLs defined in source metadata (
feedUrl,markdownUrl) and link patterns detected during crawl mode as described inSKILL.md.\n - Boundary markers: The skill mentions
parseInstructionsfor the primary extraction task, but lacks explicit boundary markers or 'ignore' instructions for the subagent content assessment prompts.\n - Capability inventory: The agent has access to tools for web fetching, updating source metadata (
manage_source,releases admin source update), and modifying organization playbooks.\n - Sanitization: No explicit sanitization or validation of external content is specified before the data is processed by the AI.
Audit Metadata