changelog-generator
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill possesses a significant attack surface by ingesting untrusted git commit messages and providing instructions to write the summarized output back to the file system (e.g.,
CHANGELOG.md). - Ingestion points: Git commit history and messages retrieved from the local repository via shell commands like
git log. - Boundary markers: Absent. The instructions do not define delimiters or provide guidance to the agent to ignore or sanitize instructions found within the commit data.
- Capability inventory: The skill description implies the agent has the capability to read git history and write files to the local directory.
- Sanitization: Absent. The agent is encouraged to "translate" and "summarize" technical content, which involves deep processing of untrusted strings, increasing the likelihood of executing embedded prompt injection payloads.
Recommendations
- AI detected serious security threats
Audit Metadata