release
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script (`scripts/generate_changelog.py`) to generate changelog entries. This is an expected behavior for a release automation tool but involves subprocess execution.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted external data into the agent's context and filesystem.
  - Ingestion points: The `description` argument provided by the user and Git commit messages retrieved during the execution of `scripts/generate_changelog.py`.
  - Boundary markers: None identified. The instructions do not specify the use of delimiters or warnings to prevent the agent from following instructions embedded within the changelog description.
  - Capability inventory: The skill has the capability to write to local files (`pyproject.toml`, `plugin.json`, `CHANGELOG.md`) and execute subprocesses via the changelog script.
  - Sanitization: There is no evidence of input validation or sanitization for the `description` string before it is written to `CHANGELOG.md` or processed.