product-changelog
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references installation scripts and related skills from
inference.shand its associated GitHub repositories. These resources are integral to the skill's stated functionality and originate from the vendor's infrastructure. - [COMMAND_EXECUTION]: The skill employs the
beltCLI tool to perform various automated tasks, including capturing screenshots via an agent-controlled browser and generating product visuals using AI models. Command execution is appropriately restricted to thebeltutility through theallowed-toolsfrontmatter configuration. - [PROMPT_INJECTION]: The skill handles untrusted data provided by users (such as raw changelog details) to produce formatted updates, presenting an indirect prompt injection surface.
- Ingestion points: User-provided changelog and release note content (SKILL.md).
- Boundary markers: The instructions do not define delimiters or specific safety instructions for the agent when processing external text.
- Capability inventory: Subprocess execution via
Bash(belt *)providing access to browser automation and image generation tools (SKILL.md). - Sanitization: No explicit validation or filtering of user-supplied content is described.
Audit Metadata