release-changelog-discord-message
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill accesses project-specific release files located at
releases/vYYYY.MDD.P.md. This access is necessary for its primary function and does not involve sensitive user credentials or system files. - [COMMAND_EXECUTION]: The skill instructs the agent to perform an API
PUTrequest to/api/issues/{releaseIssueId}/documents/discord_announcement. This is a routine operation for updating project documentation within the authorized environment. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from changelog files and issue comments. While this presents a theoretical injection surface, the instructions are specific regarding output format (markdown code blocks) and the intended outcome is a public-facing announcement, which limits the impact of potential manipulation. Severity is considered low.
- [EXTERNAL_DOWNLOADS]: All referenced external links (GitHub, Twitter/X) point to the official repositories and accounts belonging to the 'paperclipai' organization, matching the skill's author context.
Audit Metadata