changelog
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes 'git log' to retrieve commit information from the repository history. This is a standard operation required for the skill's primary functionality.
- [PROMPT_INJECTION]: The skill processes untrusted commit messages and PR numbers, creating an indirect prompt injection surface. 1. Ingestion points: commit messages (via 'git log') and the '{PR_NUMBER}' argument. 2. Boundary markers: no delimiters or specific instructions are provided to the agent to ignore potentially malicious content within these inputs. 3. Capability inventory: the agent has the capability to write files to the 'changelog/' directory. 4. Sanitization: no explicit sanitization is performed on commit messages or arguments. This surface is inherent to the skill's purpose and is considered low risk.
Audit Metadata