changelog-narrator
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user data by reading document files from the workspace. This is an inherent surface for indirect prompt injection, where an attacker could place malicious instructions inside a document to influence the agent's output during comparison.
- Ingestion points: Reads local
.mdand.txtfiles as specified inSKILL.md. - Boundary markers: The skill does not explicitly use delimiters or instructions to ignore commands within the source files, though it focuses on summarizing changes rather than executing content.
- Capability inventory: The skill is restricted to file reading and text processing. It lacks network access, shell execution, or file-writing capabilities.
- Sanitization: No explicit sanitization or filtering of document content is performed prior to analysis.
- [SAFE]: The skill contains no executable scripts, third-party code, or external dependencies. It relies exclusively on natural language instructions for the agent to perform its primary function.
Audit Metadata