changelog-generator
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill consists solely of markdown instructions for the AI agent and does not provide any scripts, binaries, or executable files.
- [PROMPT_INJECTION]: The skill processes untrusted external data (git commits) which enters the agent context via commit history. While this represents an indirect prompt injection surface where malicious commit messages could attempt to influence the agent, there are no boundary markers or sanitization steps defined. However, the capability inventory is limited to text analysis and formatting, with no subprocess or network operations defined, making the risk negligible.
Audit Metadata