changelog-writer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection because it ingests untrusted external data (commit messages, PR titles, and issue descriptions) to generate changelog content. It lacks boundary markers and sanitization steps, meaning malicious commit messages could influence the agent's reasoning or the resulting output.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The instructions suggest the installation of external tools like conventional-changelog-cli (npm) and git-cliff (cargo). These represent unverifiable third-party dependencies that are downloaded and executed.
- [COMMAND_EXECUTION] (MEDIUM): The skill relies on shell commands (git, npm, gh) and provides script templates for automated releases. There is a risk of command injection or unintended behavior if untrusted data from git logs is improperly handled during script execution.
Recommendations
- AI detected serious security threats
Audit Metadata