changelog-generator
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from git commit histories and style files. An attacker could craft a commit message containing instructions intended to manipulate the agent's behavior during generation.
  * Ingestion points: Git commit history logs and CHANGELOG_STYLE.md.
  * Boundary markers: No explicit delimiters or instructions to ignore embedded commands are defined in the provided documentation.
  * Capability inventory: The skill implies capabilities for reading git logs and writing to the local filesystem (e.g., CHANGELOG.md).
  * Sanitization: No mention of sanitization or validation of the commit message content before processing.
- [NO_CODE]: The analyzed skill consists only of documentation and does not include any executable scripts, library dependencies, or configuration files that could be directly audited for malicious logic.
Audit Metadata