pre-release
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes content from the .changeset directory, which could contain malicious instructions designed to influence the agent's behavior (Indirect Prompt Injection).
- Ingestion points: Files within the .changeset directory (SKILL.md).
- Boundary markers: Absent; no specific delimiters or warnings to ignore embedded instructions are present in SKILL.md.
- Capability inventory: Reading file contents and committing changes to the repository via git (SKILL.md).
- Sanitization: Absent; no filtering or validation of the processed content is specified in SKILL.md.
Audit Metadata