changelog-generator
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing external, untrusted commit history data. \n
- Ingestion points: Analyzes git commit messages and reads style guidelines from local files like CHANGELOG_STYLE.md. \n
- Boundary markers: There are no explicit markers or instructions provided to the agent to distinguish between commit data and executable instructions. \n
- Capability inventory: The agent reads git logs and file system content, performs text transformations, and is intended to write formatted output to local files. \n
- Sanitization: No sanitization or validation of the commit message content is described to mitigate the risk of embedded instructions.
Audit Metadata