product-changelog

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill references installation instructions for the 'belt' CLI hosted on the official GitHub repository for the platform (github.com/inference-sh). This is documented as a legitimate dependency for the skill's functionality.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute various shell commands using the 'belt' CLI, including logging in, running AI models for image generation, and managing skill extensions. These commands are necessary for the skill's documented purpose of generating release note visuals.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes potentially untrusted external inputs such as technical logs, pull request descriptions, and feature specifications to generate user-facing content.
      • Ingestion points: Source text from developers or version control systems (SKILL.md).
      • Boundary markers: The skill lacks explicit instructions or markers to help the agent distinguish between formatting guidelines and potentially malicious instructions embedded in the processed data.
      • Capability inventory: The skill has access to the 'belt' CLI which can execute shell commands, take screenshots of URLs, and interact with remote AI models (SKILL.md).
      • Sanitization: No validation or sanitization of the input data is specified before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 23, 2026, 01:00 AM