update-changelog
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Vulnerable to Indirect Prompt Injection through untrusted repository data.
  - Ingestion points: The skill ingests untrusted data from `git log` (commit messages) and the content of existing `CHANGELOG.md` or `CHANGELOG` files.
  - Boundary markers: Absent. The instructions do not use delimiters or provide specific warnings to the agent to ignore instructions embedded within the processed text.
  - Capability inventory: The skill executes local git commands (`git describe`, `git log`) and performs file read/write operations on the repository filesystem.
  - Sanitization: Absent. There is no evidence of sanitization, validation, or escaping of the commit messages or changelog entries before they are processed by the agent.
Audit Metadata