changelog-generator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: PROMPT_INJECTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection due to the processing of external data with write capabilities.
      1. Ingestion points: Git commit history as defined in the 'Scans Git History' step.
      2. Boundary markers: None are defined in the instructions to separate untrusted commit data from agent instructions.
      3. Capability inventory: The 'Tips' section explicitly suggests writing to the filesystem ('Save output directly to CHANGELOG.md').
      4. Sanitization: There is no requirement or logic provided to sanitize or escape commit messages.
    An attacker with commit access can include malicious instructions that the agent may follow while attempting to 'translate' or 'format' the history.
  • [NO_CODE] (INFO): The provided skill contains only markdown documentation and no executable scripts or tool configurations, making the security entirely dependent on the host agent's native safety implementations.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 08:51 AM