changelog-generator
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUM | PROMPT_INJECTION | NO_CODE
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill is designed to ingest and process untrusted external data (git commit messages) without defining security boundaries. This creates a surface for indirect prompt injection, where an attacker could commit code with messages containing hidden instructions to hijack the agent's logic during changelog generation.
  - Ingestion Point: Git commit history as described in SKILL.md.
  - Boundary Markers: Absent; the instructions do not provide delimiters to separate commit content from system instructions.
  - Capability Inventory: The skill involves reading repo data and suggests writing output directly to a file (CHANGELOG.md).
  - Sanitization: Absent; no instructions are provided to the agent to filter or ignore embedded commands within the commits.
Audit Metadata