changelog-generator
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted external data (commit messages) and has the capability to write to the file system. \n
- Ingestion points: Git commit history (via 'Scans Git History' in SKILL.md). \n
- Boundary markers: Absent; there are no instructions to delimit untrusted commit data from the agent's instructions. \n
- Capability inventory: Write access to the local file system (suggested usage 'Save output directly to CHANGELOG.md') and execution of git commands. \n
- Sanitization: Absent; no input validation or escaping of commit content is mentioned. An attacker could craft a commit message containing instructions to override the agent's behavior or exfiltrate data when the changelog is generated.
Recommendations
- AI detected serious security threats
Audit Metadata