changelog-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to process external content (commit messages, PR descriptions, or file histories) to generate changelogs.
- Ingestion points: Processes repository metadata and commit history (implied by the purpose in SKILL.md).
- Boundary markers: None specified in the skill definition to protect against instructions embedded in commit messages.
- Capability inventory: 'Bash', 'Write', 'Edit', and 'Grep' tools are enabled (File: SKILL.md).
- Sanitization: No sanitization or validation logic is defined to filter external content.
- Risk: An attacker could craft a commit message containing instructions designed to hijack the agent. Because the agent has 'Bash' and 'Write' privileges, a successful injection could lead to arbitrary command execution or unauthorized file modification.
- Command Execution (MEDIUM): The skill explicitly allows the 'Bash' tool. While common for documentation automation, this capability increases the impact of any prompt injection attack by allowing the agent to run shell commands on the host system.
Recommendations
- AI detected serious security threats
Audit Metadata