changelog-generator

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute the git log command to retrieve repository history. This is the primary and expected function of the tool.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes git commit messages, which are external data that could contain malicious instructions.
      1. Ingestion points: Commit messages retrieved via git log as described in SKILL.md.
      2. Boundary markers: Absent.
      3. Capability inventory: Command execution (git log) mentioned in SKILL.md.
      4. Sanitization: No explicit sanitization of commit messages is mentioned.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 27, 2026, 09:25 AM