Skills
skills/prulloac/agent-skills/semver-changelog/Gen Agent Trust Hub

semver-changelog

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill processes untrusted data from git commit logs and diffs to update project documentation, creating a significant injection surface.\n
  • Ingestion points: git log <latest_tag>..HEAD --oneline and git diff <latest_tag>..HEAD (SKILL.md).\n
  • Boundary markers: Absent. There are no instructions or delimiters to isolate untrusted git output.\n
  • Capability inventory: Authorized to perform file write operations on CHANGELOG.md (SKILL.md).\n
  • Sanitization: Absent. No logic is provided to filter or validate commit messages.\n- Command Execution (LOW): The skill relies on the execution of local git commands.\n
  • Evidence: Uses git tag, git diff, and git log to extract repository metadata. While standard, these are executed in the local environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 12:49 AM