changelog-generator
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were detected. The skill uses standard git commands to process repository history for the legitimate purpose of generating release notes.
- [COMMAND_EXECUTION]: The skill executes git commands (log, remote) to retrieve repository history and metadata. These commands are necessary for the skill's operation and do not involve elevated privileges or dangerous arguments.
- [PROMPT_INJECTION]: The skill parses untrusted data from git logs (hashes, subjects, and bodies).
  - Ingestion points: SKILL.md (Workflow Step 1).
  - Boundary markers: Absent.
  - Capability inventory: The skill utilizes subprocess calls for git commands but does not have file-write or general network capabilities beyond outputting the changelog text.
  - Sanitization: No sanitization of the commit content is performed before processing.

  The risk is assessed as safe given the restricted capability scope of the agent in this context.