wiki-changelog
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its processing of external, untrusted data.
- Ingestion points: The procedure in SKILL.md instructs the agent to 'Examine git log (commits, dates, authors, messages)', where commit messages are untrusted inputs provided by external contributors.
- Boundary markers: The instructions lack any specification for delimiters or system-level warnings to the agent to ignore instructions embedded within the git log content.
- Capability inventory: The skill leverages the agent's summarization and classification capabilities to process the commit history into a user-facing report.
- Sanitization: There are no instructions provided to sanitize, filter, or validate the content of the commit messages before the agent processes them.
Audit Metadata