changelog-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): High vulnerability to Indirect Prompt Injection (Category 8) due to the processing of untrusted external data.
- Ingestion points: Git commit history and individual commit messages are read and processed as the primary input.
- Boundary markers: The skill documentation does not mention any delimiters or system-level instructions to ignore commands embedded within the commit messages.
- Capability inventory: Based on the description, the skill accesses local git history and suggests saving output to local files (CHANGELOG.md), creating a path for data exposure if the agent is tricked into reading sensitive local files.
- Sanitization: No sanitization or validation of the commit message content is described, allowing raw commit text to influence the agent's prompt generation logic.
Recommendations
- AI detected serious security threats
Audit Metadata