minor-release

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Node.js to execute local helper scripts (get-minor-changelog-summary.ts and write-minor-changelog-section.ts) located within the .agents/skills/ directory. These scripts perform string manipulation and file operations consistent with changelog management.
  • [PROMPT_INJECTION]: The instructions contain behavioral constraints that direct the agent not to read script source files or search for alternative helper scripts. While this limits the agent's ability to verify the underlying code, the scripts provided are restricted to local file operations and contain no malicious logic.
  • [DATA_EXPOSURE]: The skill reads and writes to CHANGELOG.md and CHANGELOG.prerelease.md. This access is necessary for the skill's primary purpose and is limited to project documentation files.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it processes PR titles and descriptions from CHANGELOG.prerelease.md which may be authored by external contributors.
  • Ingestion points: Data is ingested from CHANGELOG.prerelease.md via the get-minor-changelog-summary.ts script.
  • Boundary markers: No explicit delimiters or instructions are used to separate untrusted changelog content from the agent's own processing instructions.
  • Capability inventory: The skill has the capability to write the aggregated content back to CHANGELOG.md using the Write and Edit tools.
  • Sanitization: There is no evidence of sanitization or escaping of the input text before it is summarized by the agent or written to the final file.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 12:30 PM
Security Audit — agent-trust-hub — minor-release