release-notes-changelog-normalizer
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or suspicious code execution were detected. The skill performs local file reading and writing as part of its intended purpose of release note normalization.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it processes untrusted release notes from a JSON file. This is a common characteristic of data-processing skills and is considered safe given the lack of dangerous capabilities.
- Ingestion points: release_notes_changelog_normalizer.py reads JSON data from the file path provided to the --in argument.
- Boundary markers: None used; the script treats input as raw strings for normalization.
- Capability inventory: File read and write access via Python's open() function; no network or shell execution capabilities.
- Sanitization: Includes light string normalization (whitespace removal, casing) but no filtering for prompt injection instructions.
Audit Metadata