changelog-generator
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODEPROMPT_INJECTION
Full Analysis
- NO_CODE (INFO): The skill contains only documentation and metadata; no executable scripts, configuration files, or implementation logic were provided for analysis.
- PROMPT_INJECTION (LOW): The skill has an Indirect Prompt Injection surface (Category 8).
- Ingestion points: The skill processes git commit history and external style guides (e.g.,
CHANGELOG_STYLE.md). - Boundary markers: None specified in the documentation.
- Capability inventory: Reading git history and generating natural language summaries.
- Sanitization: No mention of sanitizing or escaping commit message content. A malicious actor with commit access could embed instructions to manipulate the agent's summary output.
Audit Metadata