gen-changelog
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill possesses a significant attack surface by ingesting untrusted data while maintaining file-write capabilities.
- Ingestion points: Reads git diff output and existing
CHANGELOG.mdfile content which can contain malicious instructions from attacker-controlled sources (e.g., code comments). - Boundary markers: Absent; there are no instructions to treat input as data or to ignore embedded instructions.
- Capability inventory: Possesses file-write permissions to update changelog files across the repository.
- Sanitization: No sanitization or filtering of the ingested content is performed before it is processed and written to the filesystem.
Recommendations
- AI detected serious security threats
Audit Metadata