changelog-generator
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (PROMPT_INJECTION, NO_CODE)
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill is designed to analyze and summarize git commit messages, which are untrusted external inputs. Without explicit boundary markers or sanitization instructions, these messages could contain malicious instructions designed to hijack agent reasoning.
  1. Ingestion points: Git commit history and messages.
  2. Boundary markers: None defined in the prompt templates.
  3. Capability inventory: No executable scripts or tool definitions are provided in this skill file.
  4. Sanitization: No sanitization, escaping, or filtering of commit content is mentioned.
- [NO_CODE] (INFO): This skill contains no executable scripts, configurations, or external dependencies, consisting entirely of documentation and prompt examples.