changelog-generator
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8).
  - Ingestion points: Untrusted git commit messages are analyzed by the agent.
  - Boundary markers: No delimiters or isolation instructions are present to distinguish data from instructions.
  - Capability inventory: The skill uses local command execution (git) and suggests writing output to files (CHANGELOG.md).
  - Sanitization: No sanitization or filtering of commit content is specified.
- [COMMAND_EXECUTION] (MEDIUM): The agent must execute shell commands to read git history, which is a significant capability that could be abused if an injection is successful.
- [NO_CODE] (LOW): No executable code files are included in the skill; it relies on natural language instructions for the agent to use its existing environment and tools.
Recommendations
- AI detected serious security threats
Audit Metadata