changelog-generator
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, NO_CODE)
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): Risk of Indirect Prompt Injection through untrusted git commit history analysis.
  - Ingestion points: The skill reads git commit logs and an optional external configuration file (CHANGELOG_STYLE.md).
  - Boundary markers: Absent. There are no instructions provided to the agent to distinguish between the developer's instructions and the content found in commit messages.
  - Capability inventory: The agent performs natural language processing and is instructed to 'Save output directly to CHANGELOG.md', indicating file-writing capabilities.
  - Sanitization: Absent. No logic is included to filter or escape potential prompt injection attempts within commit messages.
- [NO_CODE] (SAFE): The skill consists purely of natural language instructions and does not contain any executable scripts or binary files.