Skills
skills/tmeister/skills/wp-plugin-changelog/Gen Agent Trust Hub

wp-plugin-changelog

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill reads data from git commit logs and diffs, which are untrusted external sources (Cat 8). If an attacker includes malicious instructions within a commit message, the agent might execute them during the summarization or classification phase.
  • Ingestion points: SKILL.md indicates the use of git log and git diff to collect data.
  • Boundary markers: None. The workflow does not specify delimiters or instructions to treat git data as literal text rather than instructions.
  • Capability inventory: The skill has the capability to execute shell commands (git) and modify files (readme.txt update in step 6).
  • Sanitization: No sanitization or filtering of commit content is mentioned before it is processed by the LLM.
  • Command Execution (LOW): The skill relies on executing git commands via a shell. While standard, the use of user-provided ranges or branches as arguments could lead to command injection if the underlying agent does not properly escape these parameters.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 08:42 AM