Changelog Generator
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It is designed to process external, untrusted data such as git commit messages, code diffs, and feature lists. Because this data is interpolated into the agent's context and subsequently used to drive actions like file creation, there is a risk that malicious instructions embedded in the input could influence the agent's behavior.
- Evidence Chain:
- Ingestion points: User-provided text for 'Git Commits', 'Feature List', and 'Diff/Changes' as described in the overview and templates (SKILL.md).
- Boundary markers: No delimiters or instructions to the agent to disregard embedded commands within the input text are present in the provided templates.
- Capability inventory: The skill integrates with 'office-mcp' to use 'create_docx' and 'md_to_docx' tools, which perform file system write operations.
- Sanitization: No sanitization, escaping, or validation logic is defined for the input data before processing.
Audit Metadata