generating-changelog
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it processes git commit history and changelog files which may contain content from untrusted external contributors.
- Ingestion points: Git commit messages extracted via
git logand existingCHANGELOG.mdorHISTORY.mdfiles. - Boundary markers: The skill documentation does not define specific delimiters or 'ignore' instructions to prevent the agent from being influenced by instructions embedded within commit messages.
- Capability inventory: The skill utilizes shell commands (
git) and has the capability to write to the local filesystem (CHANGELOG.md). - Sanitization: No evidence of sanitization, escaping, or schema validation for the ingested commit message text is present in the provided files.
Audit Metadata