release-changelog-discord-message

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill accesses project-specific release files located at releases/vYYYY.MDD.P.md. This access is necessary for its primary function and does not involve sensitive user credentials or system files.
  • [COMMAND_EXECUTION]: The skill instructs the agent to perform an API PUT request to /api/issues/{releaseIssueId}/documents/discord_announcement. This is a routine operation for updating project documentation within the authorized environment.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from changelog files and issue comments. While this presents a theoretical injection surface, the instructions are specific regarding output format (markdown code blocks) and the intended outcome is a public-facing announcement, which limits the impact of potential manipulation. Severity is considered low.
  • [EXTERNAL_DOWNLOADS]: All referenced external links (GitHub, Twitter/X) point to the official repositories and accounts belonging to the 'paperclipai' organization, matching the skill's author context.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 01:15 PM
Security Audit — agent-trust-hub — release-changelog-discord-message