changelog-generator
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill instructs the agent to run git log commands. While these are read-only, they require the agent to have shell execution privileges to interact with the repository.
- [PROMPT_INJECTION] (MEDIUM): Vulnerable to Indirect Prompt Injection (Category 8) as it processes untrusted git commit messages. Ingestion points: Git history (git log). Boundary markers: Absent. Capability inventory: Read git history, write to terminal or CHANGELOG.md file. Sanitization: Absent. An attacker could craft a commit message with instructions to manipulate the AI's output during the generation process.
Audit Metadata