app-store-changelog
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): Shell command injection vulnerability in
scripts/collect_release_changes.sh. Evidence: The variable${range}is used unquoted ingit log. If the agent provides a maliciously crafted git ref (e.g.,; touch pwned), the shell will execute the injected command. - [PROMPT_INJECTION] (LOW): Vulnerability to indirect prompt injection from repository content. 1. Ingestion points:
scripts/collect_release_changes.sh(collects commit messages). 2. Boundary markers: Absent in both the script output and the LLM prompt instructions. 3. Capability inventory: The agent summarizes the collected data for public release notes. 4. Sanitization: None provided for external data ingested from the git history.
Recommendations
- AI detected serious security threats
Audit Metadata