changelog-generator
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing untrusted data.
- Ingestion points: The agent is instructed to scan git commit history and analyze commit messages to generate changelogs (SKILL.md).
- Boundary markers: There are no instructions provided to wrap the commit data in delimiters or to explicitly warn the agent to ignore instructions embedded within the commit messages themselves.
- Capability inventory: The agent typically requires shell execution capabilities to run git commands and file-system write access to save the generated output to 'CHANGELOG.md'.
- Sanitization: There is no mention of sanitizing, escaping, or validating the commit message content before it is processed by the language model, allowing potential 'jailbreak' or override attempts hidden in commit messages to reach the agent context.
Audit Metadata