keep-a-changelog
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Category: PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted input from commit messages, pull request descriptions, and diffs to update the CHANGELOG.md file, creating a surface for indirect prompt injection.
- Ingestion points: User-provided summaries, git commits, PR descriptions, and code diffs are utilized in Workflow A.
- Boundary markers: Absent; the instructions do not define delimiters or markers to isolate the untrusted external data from the skill's instructions.
- Capability inventory: The skill performs file writing operations to update the CHANGELOG.md file.
- Sanitization: While the skill provides categorization and notability rules to filter content, it lacks explicit instructions to sanitize, escape, or ignore embedded instructions found within the processed text.
Audit Metadata