changelog-writer
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes `git log` and its own internal Python scripts using `subprocess.run`. It correctly uses the list format for arguments to prevent shell injection, but it remains a controlled execution surface that relies on parameters derived from user input.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted git commit messages and is instructed to rewrite them into user-facing descriptions. A malicious commit could contain instructions designed to deceive the agent.
  * Ingestion points: Commit subjects and bodies extracted in `scripts/commit-classifier.py`.
  * Boundary markers: Absent from the prompt logic.
  * Capability inventory: `subprocess.run` used for git operations and script execution.
  * Sanitization: None performed on the extracted commit text before model processing.
Audit Metadata