changelog-generator
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is highly vulnerable to malicious instructions embedded in git commit messages. * Ingestion points: Git commit history (untrusted external source) and local configuration files like CHANGELOG_STYLE.md. * Boundary markers: None present to isolate untrusted commit text from agent instructions. * Capability inventory: Requires filesystem read access and potentially write access if used to update CHANGELOG.md directly. * Sanitization: No validation or filtering of commit content is performed.
- [Command Execution] (LOW): The skill requires the ability to execute git commands to retrieve repository history, which is a standard but sensitive capability.
Recommendations
- AI detected serious security threats
Audit Metadata