changelog-generator
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (MEDIUM): Vulnerable to Indirect Prompt Injection through git commit messages.
- Ingestion points: Git commit history and optional style guides (SKILL.md).
- Boundary markers: Absent; the skill does not use specific delimiters to isolate commit messages from instructions.
- Capability inventory: Executes git commands (git log) and generates markdown output for user documentation.
- Sanitization: Absent; malicious commit messages could hijack the AI's persona or output content.
- COMMAND_EXECUTION (LOW): Executes shell commands to scan repository history. This is expected behavior for a changelog generator but represents the primary method of data ingestion.
Audit Metadata