changelog-generator
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
NO_CODE
Full Analysis
- NO_CODE (SAFE): The file contains no executable scripts (Python, JavaScript, Bash, etc.) or configuration files that could be used for malicious purposes.
- COMMAND_EXECUTION (SAFE): While the skill mentions 'Scanning Git History', it does not provide any shell commands or scripts to execute; it serves purely as a functional description for an agent.
- Indirect Prompt Injection (INFO): The skill describes a process that involves untrusted data (git commits).
  1. Ingestion point: Git history and commit messages.
  2. Boundary markers: Absent.
  3. Capability inventory: Describes file-writing to 'CHANGELOG.md'.
  4. Sanitization: Absent.

  Because no prompt logic or code is included, this represents a functional description rather than an exploitable vulnerability.