changelog-generator
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill consists of documentation and usage examples for generating changelogs. No security vulnerabilities or malicious patterns were identified.
- [NO_CODE]: The skill does not provide any scripts, configuration files, or external dependencies. It relies entirely on the agent's natural language processing capabilities.
- [PROMPT_INJECTION]: The skill is designed to process git commit messages, which are considered untrusted external data. This creates a surface for indirect prompt injection.
- Ingestion points: Git commit messages retrieved from the repository history via SKILL.md.
- Boundary markers: The instructions do not specify delimiters or markers to separate commit content from instructions.
- Capability inventory: Reading git history and writing markdown text.
- Sanitization: No specific sanitization or filtering logic is provided for the commit message content.
Audit Metadata