changelog-generator
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
- Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection because it processes untrusted git commit messages as input.
  - Ingestion points: Git commit history processed during changelog generation.
  - Boundary markers: Absent; the instructions do not define delimiters or warnings for the agent to ignore embedded instructions within commits.
  - Capability inventory: File system write access to CHANGELOG.md and git repository read access.
  - Sanitization: Absent; the skill transforms technical commits into user-friendly text without validating or escaping the input content.
- No Code (SAFE): The skill contains no scripts or binaries, relying entirely on the agent's internal capabilities and markdown instructions.