changelog-gen
Warn
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
npx ai-changelogto fetch and run a package from the public NPM registry at runtime. The package is maintained by an unverified third party (LXGIC Studios) and does not originate from a recognized trusted source.- [REMOTE_CODE_EXECUTION]: Executing an unverified package vianpxconstitutes remote code execution on the user's machine, as the package content is determined by the remote registry and can be updated without the user's knowledge.- [COMMAND_EXECUTION]: The skill relies on shell command execution for both its core functionality (npx ai-changelog) and for retrieving repository history viagit log.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). Maliciously crafted commit messages in a repository's history could provide instructions that override the AI's intended behavior during the changelog generation process. - Ingestion points: Git commit messages retrieved via
git logbetween user-specified refs. - Boundary markers: None identified; commit messages are passed directly to the AI for parsing and formatting.
- Capability inventory: The skill can execute shell commands, access the local file system (git history), and transmit data to external APIs (OpenAI).
- Sanitization: No evidence of input validation, filtering, or escaping of commit message content is present in the skill instructions.
Audit Metadata