minor-release
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Node.js to execute local helper scripts (
get-minor-changelog-summary.tsandwrite-minor-changelog-section.ts) located within the.agents/skills/directory. These scripts perform string manipulation and file operations consistent with changelog management. - [PROMPT_INJECTION]: The instructions contain behavioral constraints that direct the agent not to read script source files or search for alternative helper scripts. While this limits the agent's ability to verify the underlying code, the scripts provided are restricted to local file operations and contain no malicious logic.
- [DATA_EXPOSURE]: The skill reads and writes to
CHANGELOG.mdandCHANGELOG.prerelease.md. This access is necessary for the skill's primary purpose and is limited to project documentation files. - [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it processes PR titles and descriptions from
CHANGELOG.prerelease.mdwhich may be authored by external contributors. - Ingestion points: Data is ingested from
CHANGELOG.prerelease.mdvia theget-minor-changelog-summary.tsscript. - Boundary markers: No explicit delimiters or instructions are used to separate untrusted changelog content from the agent's own processing instructions.
- Capability inventory: The skill has the capability to write the aggregated content back to
CHANGELOG.mdusing theWriteandEdittools. - Sanitization: There is no evidence of sanitization or escaping of the input text before it is summarized by the agent or written to the final file.
Audit Metadata