release-changelog
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill processes git commit messages which are untrusted external data. These messages are aggregated into a CHANGELOG.md file, creating a surface for indirect prompt injection. Evidence: 1. Ingestion points: git commit history (retrieved via git log). 2. Boundary markers: None mentioned; the script blindly maps commit types to sections. 3. Capability inventory: Writes to the local filesystem (CHANGELOG.md) and executes subprocesses (git). 4. Sanitization: Not documented.
- [COMMAND_EXECUTION] (SAFE): The skill's primary purpose involves executing a local Node.js script to perform git operations and file writes. This is transparently documented and limited to the user's local environment.
Audit Metadata