changelog-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is susceptible to hijacking because it processes untrusted commit data using a high-capability agent (command execution and file writing). \n
- Ingestion points: Git commit history and
CHANGELOG_STYLE.md.\n - Boundary markers: Absent; there are no instructions to treat commit data as untrusted or to ignore embedded instructions.\n
- Capability inventory: Implied subprocess execution for git commands and file system modification for saving output to
CHANGELOG.md.\n - Sanitization: Absent; the skill does not include steps to filter or escape the content of commit messages before interpretation.
Recommendations
- AI detected serious security threats
Audit Metadata