changelog

Warn

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The script scripts/changelog-generator.py uses subprocess.run(..., shell=True) and directly interpolates variables from_ref and to_ref into the command string. This allows for arbitrary shell command execution if a user provides a maliciously crafted git reference.
  • EXTERNAL_DOWNLOADS (LOW): Documentation in SKILL.md and references/tools.md promotes the installation of third-party tools via npm, pip, and cargo. While sources like googleapis (release-please) are trusted, these installations execute external code on the local system.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection as it ingests git logs (untrusted input) in scripts/changelog-generator.py and preserves them in the generated CHANGELOG.md. This content could be used to manipulate an agent that reads the changelog. Evidence:
      1. Ingestion point: Git log command in scripts/changelog-generator.py.
      2. Boundary markers: Absent.
      3. Capability inventory: File writing and shell execution in scripts/changelog-generator.py.
      4. Sanitization: Absent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 21, 2026, 07:02 AM