changelog-gen
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses `npx ai-changelog`, which fetches and runs a package from the public npm registry without verification of the source developer.
- [REMOTE_CODE_EXECUTION]: Execution via `npx` constitutes remote code execution, as it downloads and runs code from an external repository at runtime.
- [COMMAND_EXECUTION]: The skill executes shell commands to interact with the local git repository and the npm ecosystem.
- [DATA_EXFILTRATION]: The tool accesses local git history and sends commit messages to OpenAI's GPT-4o-mini service. This is the intended functionality, though git logs may occasionally contain sensitive data or secrets.
- [PROMPT_INJECTION]: 1. Ingestion points: Reads git logs via subprocess commands. 2. Boundary markers: No delimiters or instructions are used to separate commit messages from the system prompt. 3. Capability inventory: Includes command execution and network access to AI APIs. 4. Sanitization: No sanitization of git commit messages is performed before processing by the LLM.
Audit Metadata