make-changes
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands such as
pnpm changes:previewand linting scripts to validate changelog entries. These commands are repository-specific and used to verify the output of the skill's primary task. - [PROMPT_INJECTION]: The skill processes data from PR diffs and commit ranges, creating an indirect prompt injection surface.
- Ingestion points: Untrusted data from PR diffs and commit ranges are ingested in workflow step 1.
- Boundary markers: Absent; no delimiters or 'ignore' instructions are specified for the ingested content.
- Capability inventory: The agent can write to the filesystem (
packages/*/.changes/) and execute shell commands viapnpm. - Sanitization: Absent; no validation or escaping of external content is performed.
Audit Metadata