changelog-writer
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill uses file system tools exclusively for project documentation management. No malicious patterns, obfuscation, or unauthorized exfiltration attempts were detected.
- [COMMAND_EXECUTION]: The skill instructions direct the agent to analyze changes via git commands. This is consistent with the primary purpose of a changelog generator and does not represent a privilege escalation or security risk.
- [PROMPT_INJECTION]: The skill processes external data from git logs and diffs, creating an indirect prompt injection surface. However, it mandates strict verification against the codebase and includes anti-hallucination rules to mitigate the risk of processing malicious commit messages.
Audit Metadata