app-store-changelog
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script
scripts/collect_release_changes.shto retrieve git commit logs and file changes. This script is a vendor-provided resource necessary for the skill's primary functionality. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from git commit history. * Ingestion points: Git commit messages and lists of touched files gathered via the collection script. * Boundary markers: No explicit delimiters or boundary markers are defined to prevent the agent from executing instructions found in commit messages. * Capability inventory: Subprocess execution of local scripts and LLM-based summarization of external content. * Sanitization: There is no evidence of data sanitization or filtering to remove potential malicious instructions from the git history before processing.
Audit Metadata