changelog
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/analyze_commits.pyexecutesgitcommands usingsubprocess.run. Although arguments are passed as a list to mitigate shell injection, the skill relies on executing system-level binaries. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes git commit messages (untrusted data). [1] Ingestion points: Commit data is ingested via
scripts/analyze_commits.pyusinggit log. [2] Boundary markers: There are no delimiters used to isolate commit text from agent instructions. [3] Capability inventory: The skill can execute commands (git) and modify the filesystem (CHANGELOG.md). [4] Sanitization: No filtering or escaping is applied to the content of commit descriptions.
Audit Metadata