changelog-creator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): This skill handles external content from repository logs and commit history which are attacker-controllable. When combined with the 'Bash' and 'Write' tools, this creates a significant vulnerability tier. * Ingestion points: Processes git history, commit messages, and potentially pull request metadata via the 'Read' and 'Grep' tools. * Boundary markers: No delimiters or explicit instructions are provided to the agent to treat external text as data only and ignore embedded commands. * Capability inventory: The skill is granted 'Bash', 'Write', and 'Edit' permissions, enabling side-effect-heavy actions if instructions in commit messages are obeyed. * Sanitization: There is no evidence of sanitization or filtering of the content retrieved from version control before it is processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata