NYC

changelog-update

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill processes untrusted external data and has write capabilities, creating a surface for indirect injection.
      • Ingestion points: SKILL.md (Steps 1 and 3) reads output from git diff, git log, and raw file contents.
      • Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands within the files or diffs being reviewed.
      • Capability inventory: SKILL.md (Steps 1, 6, and 7) executes git commands, writes to CHANGELOG.md, and deletes temporary files.
      • Sanitization: Absent; file contents and diffs are analyzed by the agent without any escaping or filtering.
  • Command Execution (LOW): The skill executes local git commands (diff, log, show) to retrieve repository data. While these are standard development tools, they interact with the local environment based on repository state.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:56 AM