changelog
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses the Bash tool to execute 'git log' to gather historical context from the repository history.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing data from user-controlled files and internal application logs.
- Ingestion points: Accesses 'CHANGELOG.md' and session metadata from '~/.claude/projects/*/sessions-index.json'.
- Boundary markers: No specific boundary markers or instructions are defined to prevent the agent from following instructions embedded in the historical session data.
- Capability inventory: Possesses 'Read', 'Write', 'Edit', and 'Bash' capabilities, which could be leveraged if malicious instructions were successfully injected.
- Sanitization: The skill lacks explicit sanitization or validation of the content retrieved from session summaries or changelog files.
Audit Metadata