changelog-generator

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
  • [Prompt Injection] (MEDIUM): The skill is vulnerable to indirect prompt injection through its data ingestion pipeline.
  • Ingestion points: The skill reads git commit logs and local files like CHANGELOG_STYLE.md.
  • Boundary markers: None are defined in the instructions to separate untrusted data from the agent's core instructions.
  • Capability inventory: The skill requires the agent to execute shell commands (git log) and write to the file system (CHANGELOG.md).
  • Sanitization: There is no requirement for the agent to sanitize or escape content from the git history. An attacker who can influence the commit history could embed instructions that manipulate the agent's output, bypass safety guidelines, or influence subsequent agent decisions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 06:46 AM