changelog-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection as it processes untrusted commit messages. Evidence:
  1. Ingestion points: Git history retrieved via git log commands in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Execution of git commands and natural language processing of the output.
  4. Sanitization: Absent.

  An attacker could embed instructions in a commit message to hijack the agent context during the transformation or categorization phases.
- [COMMAND_EXECUTION] (MEDIUM): The skill instructs the agent to execute multiple bash commands including git log and git describe. This exposes the local repository's metadata and structure to the LLM and requires the agent to have active shell execution permissions, which increases the system's attack surface.
Recommendations
- AI detected serious security threats
Audit Metadata