product-changelog

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references installation scripts and related skills from inference.sh and its associated GitHub repositories. These resources are integral to the skill's stated functionality and originate from the vendor's infrastructure.
  • [COMMAND_EXECUTION]: The skill employs the belt CLI tool to perform various automated tasks, including capturing screenshots via an agent-controlled browser and generating product visuals using AI models. Command execution is appropriately restricted to the belt utility through the allowed-tools frontmatter configuration.
  • [PROMPT_INJECTION]: The skill handles untrusted data provided by users (such as raw changelog details) to produce formatted updates, presenting an indirect prompt injection surface.
  • Ingestion points: User-provided changelog and release note content (SKILL.md).
  • Boundary markers: The instructions do not define delimiters or specific safety instructions for the agent when processing external text.
  • Capability inventory: Subprocess execution via Bash(belt *) providing access to browser automation and image generation tools (SKILL.md).
  • Sanitization: No explicit validation or filtering of user-supplied content is described.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 10:16 AM