Skills
skills/dimillian/skills/app-store-changelog/Gen Agent Trust Hub

app-store-changelog

Fail

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The shell script scripts/collect_release_changes.sh is vulnerable to command injection. It accepts positional arguments for git references and incorporates them unquoted into shell commands. This allows an attacker to execute arbitrary shell commands by supplying a malicious ref name (e.g., ; id ;).
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the processing of git commit history. Malicious instructions embedded in commit messages could influence the agent's behavior during the triage and drafting phases.
  • Ingestion points: Commit messages and file names gathered in scripts/collect_release_changes.sh.
  • Boundary markers: None. The agent processes the command output directly.
  • Capability inventory: Execution of local bash scripts and git commands.
  • Sanitization: The skill does not sanitize commit messages before analysis.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 16, 2026, 10:56 AM