changelog-logger
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW, NO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill instructs the agent to ingest git changes and plan diffs, which are externally controlled inputs. This creates a surface for indirect prompt injection via malicious commit messages, though the impact is limited to text generation as no write or execute capabilities are defined in the skill.
- [No Code] (SAFE): No executable scripts, binaries, or dependency manifests were detected in the skill, which significantly reduces the technical attack surface for remote code execution.
Audit Metadata