Skills
skills/sharex/xerahs/update-changelog/Gen Agent Trust Hub

update-changelog

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes PowerShell and Bash scripts that execute git commands and modify local files. Instructions recommend running the PowerShell script with -ExecutionPolicy Bypass to facilitate local execution without script signing.
  • [SAFE]: The skill ingests untrusted data from git logs (commit subjects and author names) to generate documentation in docs/CHANGELOG.md. This represents a surface for indirect prompt injection, but it is a standard implementation for changelog tooling.
  • Ingestion points: Git commit history parsed in scripts/update-changelog.ps1 and the Python logic in scripts/update-changelog.sh.
  • Boundary markers: Not present; commit data is formatted as markdown list items.
  • Capability inventory: File system writes to the repository and execution of git commands.
  • Sanitization: None; the skill relies on regular expressions for structural categorization of commit messages.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 27, 2026, 07:21 PM