Skills
skills/commandcodeai/agent-skills/changelog-generator/Gen Agent Trust Hub

changelog-generator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill processes git commit logs, which are external data that can be influenced by third parties.
  • Ingestion points: Git commit messages (via git log) and local configuration files like CHANGELOG_STYLE.md.
  • Boundary markers: None identified; there are no instructions provided to the agent to treat commit data as untrusted or to use delimiters.
  • Capability inventory: The skill likely requires shell access to run git commands and filesystem access to read project files.
  • Sanitization: No evidence of sanitization or filtering of commit messages is present.
  • [Command Execution] (MEDIUM): To 'Scan Git History', the skill must execute system-level commands. If the agent accepts unsanitized user input for version tags or branch names, it could be vulnerable to command injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 08:20 AM