create-manifest
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from the repository's git history and code diffs to generate human-readable changelogs. While this presents a surface for indirect prompt injection, it is the primary intended function of the skill.
- Ingestion points: Commit messages (
git log) and source changes (git diff) are read in Steps 2 and 3 ofSKILL.md. - Boundary markers: No specific delimiters are used to wrap commit data or instructions to the agent to ignore embedded commands.
- Capability inventory: The skill has permissions to write manifest files and MDX documentation, as well as execute shell commands like
pnpmandnode. - Sanitization: No automated sanitization of commit messages is implemented prior to processing.
- [COMMAND_EXECUTION]: The skill executes standard shell commands for version control and build management, including
git log,git diff,git tag, and project-local scripts found inpackages/cli/scripts/. - [EXTERNAL_DOWNLOADS]: The skill interacts with the official npm registry using
npm viewto verify package versions and usesnpxto initialize test environments with vendor packages (@mindfoldhq/trellis). These operations target well-known services and the author's own official tools.
Audit Metadata