agent-changelog
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): Executes standard git commands (git log, git tag) to extract project history. These are read-only operations and do not pose a security risk in this context.
- [DATA_EXFILTRATION] (SAFE): The skill operates entirely on local project data. No network activity, external API calls, or data transmission patterns were detected.
- [PROMPT_INJECTION] (LOW): The skill ingests untrusted data from git history and external documentation which could contain malicious instructions (Indirect Prompt Injection). * Ingestion points: Git commit logs and various project files (.claude/plans/, README.md, etc.) are processed as text input. * Boundary markers: The skill does not define explicit delimiters or instructions to ignore embedded commands within the processed sources. * Capability inventory: The skill has the ability to read project files, execute git commands, and write a new markdown file (AGENT_CHANGELOG.md). * Sanitization: No explicit sanitization or filtering of the ingested content is performed before interpolation into the output document.
Audit Metadata