gen-release-notes
Warn
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill interpolates the user-supplied
$ARGUMENTSdirectly into shell command strings, such asgit log ${PREV_TAG}..HEAD. This construction is vulnerable to command injection if the input contains shell metacharacters, potentially allowing the execution of arbitrary code in the agent context. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from git logs and pull request titles without sanitization. Ingestion points: Outputs from
git logandgh pr list(Step 1). Boundary markers: None used to separate processed data from instructions. Capability inventory: The skill has the capability to write to the file system (Step 5). Sanitization: No validation or filtering is performed on the ingested text before it is incorporated into the changelog output.
Audit Metadata