changelog-generator
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the git log command to retrieve version history from the local repository. This is standard behavior for a developer tool and is appropriate for the skill's stated purpose.
- [PROMPT_INJECTION]: The skill handles commit messages from external sources, which represents an indirect prompt injection surface.
  * Ingestion points: Output from git log.
  * Boundary markers: No specific delimiters or instructions to ignore embedded commands are present.
  * Capability inventory: Limited to reading git history and writing to a local changelog file.
  * Sanitization: The transformation guidelines, which require the agent to rewrite technical implementation details into benefit-oriented user language, serve as an inherent sanitization step that minimizes the risk of the agent obeying instructions hidden in commit messages.
Audit Metadata