changelog-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection (Category 8).
  * Ingestion points: The skill ingests untrusted external data in the form of git commit history and local style guides like CHANGELOG_STYLE.md.
  * Boundary markers: Absent. No instructions are provided to the agent to distinguish commit data from instructions or to ignore embedded commands.
  * Capability inventory: The skill implicitly executes shell commands to scan repository history and provides instructions to write output directly to the filesystem (CHANGELOG.md).
  * Sanitization: Absent. No filtering or validation of the commit message content is performed before processing.
- [COMMAND_EXECUTION] (MEDIUM): The skill relies on executing shell commands (git log) to fulfill its purpose, which gives any successful prompt injection a path to interact with the host system environment.
Recommendations
- AI detected serious security threats