Skills
skills/mathews-tom/praxis-skills/changelog-composer/Gen Agent Trust Hub

changelog-composer

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands like git log and gh pr list to gather data from the local repository environment.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of untrusted commit messages and PR descriptions.\n
  • Ingestion points: Raw text from git logs and GitHub PR lists in SKILL.md.\n
  • Boundary markers: The instructions do not define delimiters or specific constraints to prevent the agent from following directives contained within the parsed text.\n
  • Capability inventory: The skill has access to shell command execution for git and GitHub CLI operations.\n
  • Sanitization: There is no specified mechanism for sanitizing or escaping the input data before it is interpreted by the model.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 7, 2026, 08:10 PM