changelog-generator
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes git commit messages, which are external and untrusted data sources. A malicious commit message could contain instructions designed to manipulate the agent's behavior during the categorization or translation process. 1. Ingestion points: Git commit history accessed through git commands. 2. Boundary markers: No explicit delimiters or 'ignore' instructions are defined for the commit data interpolation. 3. Capability inventory: Executes git commands to read history; generates markdown output. 4. Sanitization: The documentation does not specify any sanitization or validation of the commit message content before processing.
- [COMMAND_EXECUTION]: The skill's core functionality relies on executing git commands (e.g., git log) to retrieve repository history, which is a necessary capability for changelog generation but involves subprocess execution.
Audit Metadata