wiki-changelog
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection because it processes untrusted text from git commit logs.\n
- Ingestion points: Git commit history (dates, authors, and messages) accessed via the
git logprocedure described inSKILL.md.\n - Boundary markers: Absent; the instructions do not specify delimiters or constraints to prevent the model from obeying instructions embedded in commit messages.\n
- Capability inventory: None; the skill does not request or define any capabilities for network access, file system modification, or shell execution.\n
- Sanitization: Absent; the skill does not implement any filtering or escaping of commit message content before processing.\n- [NO_CODE]: This skill contains markdown instructions only and does not provide or install any executable scripts or software packages.
Audit Metadata