changelog-generator

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE)
Full Analysis
  • Prompt Injection (HIGH): The skill is vulnerable to indirect prompt injection attacks because it processes untrusted commit messages as input.
      • Ingestion points: The agent is instructed to read git commit history (git log) and local style guide files (CHANGELOG_STYLE.md).
      • Boundary markers: There are no delimiters or instructions to ignore embedded commands within the commits.
      • Capability inventory: The skill requires the ability to execute git commands and write to local files (e.g., CHANGELOG.md).
      • Sanitization: No sanitization or content validation is provided, allowing an attacker to inject instructions into a commit that the agent may follow during the generation process.
  • Command Execution (MEDIUM): The skill relies on the agent executing git commands to retrieve history. While inherent to the task, this capability increases the risk of exploitation if a prompt injection succeeds.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 15, 2026, 08:21 PM