create-manifest

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted data from the repository's git history and code diffs to generate human-readable changelogs. While this presents a surface for indirect prompt injection, it is the primary intended function of the skill.
  • Ingestion points: Commit messages (git log) and source changes (git diff) are read in Steps 2 and 3 of SKILL.md.
  • Boundary markers: No specific delimiters are used to wrap commit data or instructions to the agent to ignore embedded commands.
  • Capability inventory: The skill has permissions to write manifest files and MDX documentation, as well as execute shell commands like pnpm and node.
  • Sanitization: No automated sanitization of commit messages is implemented prior to processing.
  • [COMMAND_EXECUTION]: The skill executes standard shell commands for version control and build management, including git log, git diff, git tag, and project-local scripts found in packages/cli/scripts/.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with the official npm registry using npm view to verify package versions and uses npx to initialize test environments with vendor packages (@mindfoldhq/trellis). These operations target well-known services and the author's own official tools.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 01:25 AM
Security Audit — agent-trust-hub — create-manifest