changelog
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is designed to ingest and process untrusted external data from git commits and pull requests.
- Ingestion points: Git commit history and pull request descriptions are read as specified in SKILL.md and agents/changelog-generator.md.
- Boundary markers: Absent; there are no specified delimiters to isolate external content from the agent's instructions.
- Capability inventory: Includes the ability to write to CHANGELOG.md and implied command execution for git operations.
- Sanitization: Absent; no logic is provided to filter or escape instructions embedded within the commits.
- [COMMAND_EXECUTION] (LOW): The skill workflow involves fetching git commits, which implies the execution of git commands in the local environment.
Recommendations
- AI detected serious security threats
Audit Metadata