lightfast-changelog
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes `pnpm --filter @lightfast/www typecheck` to validate metadata in changelog entries against the project's Zod schema.
- [COMMAND_EXECUTION]: The skill performs file system operations (read and write) on MDX files in the `apps/www/src/content/changelog/` directory to maintain documentation.
- [PROMPT_INJECTION]: The skill ingests user input via $ARGUMENTS and interacts with local files, creating a potential surface for indirect prompt injection. Mitigation is provided through the use of `<user-request>` tags and automated validation of the generated content.
Audit Metadata