prowler-changelog
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is vulnerable because it ingests untrusted data (PR content and feature descriptions) and has high-privilege capabilities (file editing and bash execution).
- Ingestion points: Untrusted PR descriptions and git metadata are processed to create entries.
- Boundary markers: Absent; the skill lacks delimiters or instructions to ignore embedded commands within the processed data.
- Capability inventory: The skill uses 'Edit', 'Write', and 'Bash' tools, allowing it to modify files across the repository.
- Sanitization: Absent; there is no validation or escaping of external content before it is written to the filesystem.
Recommendations
- AI detected serious security threats
Audit Metadata