update-changelog
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard git commands (git rev-parse, git diff, git diff --cached) to locate the repository root and identify code changes for documentation.
- [PROMPT_INJECTION]: The skill reads external data via git diff output to determine changelog entries. While this creates a potential surface for indirect prompt injection from malicious code comments or strings in the diff, the impact is limited to the content of the CHANGELOG.md file.
  1. Ingestion points: Step 3 reads output from git diff and git diff --cached in SKILL.md.
  2. Boundary markers: No specific delimiters are used to separate diff content from the agent's instructions.
  3. Capability inventory: The skill can read repository files, execute git status/diff commands, and write to CHANGELOG.md.
  4. Sanitization: No explicit sanitization of the diff content is performed before processing.
Audit Metadata