keep-a-changelog

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from commit logs and existing changelog files, creating a surface for indirect prompt injection.
      • Ingestion points: The skill reads the contents of CHANGELOG.md and the output of the git log command.
      • Boundary markers: There are no explicit delimiters or instructions to the model to ignore potential instructions embedded within the commit history.
      • Capability inventory: The skill can read and write local files and execute shell commands (git, date).
      • Sanitization: There is no evidence of escaping or filtering commit messages before they are processed and incorporated into the changelog.
  • [COMMAND_EXECUTION]: The skill executes system shell commands to gather project metadata.
      • Evidence: It runs git log --oneline to retrieve version history and date +%Y-%m-%d to determine the current release date.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 2, 2026, 02:37 AM