changelog-generator

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill uses basic shell utilities (git, grep, cat, head) to extract versioning data, tag history, and commit messages. These commands are localized to the project directory and are essential for the skill's core functionality.
  • [PROMPT_INJECTION] (SAFE): The skill has an indirect prompt injection surface because it processes untrusted data (git commit messages and external CHANGELOG files). However, since the skill's purpose is to summarize this data and it lacks dangerous capabilities like network access or elevated file writing, the risk is negligible.
    • Ingestion points: Commit messages retrieved via git log, content from CHANGELOG.md and CLAUDE.md.
    • Boundary markers: Absent; the skill relies on the LLM's internal parsing of the command output.
    • Capability inventory: Read-only shell commands (git, grep, cat, head).
    • Sanitization: None; the content is processed directly for summarization.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 04:42 AM