changelog-generator
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes git commit history and external style guidelines which could contain malicious instructions designed to influence the agent's behavior.
- Ingestion points: Git commit history (via git log) and
CHANGELOG_STYLE.md. - Boundary markers: The instructions lack explicit delimiters or warnings to ignore embedded instructions within the processed data.
- Capability inventory: The skill utilizes file system reading and git repository access tools.
- Sanitization: There is no documented logic for sanitizing or escaping commit content before it is interpolated into the agent's context.
Audit Metadata