changelog-generator

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts scripts/generate_changelog.py and scripts/commit_linter.py utilize subprocess.run to interact with the Git command-line interface. The implementation follows security best practices by passing arguments as a list and avoiding the use of shell=True, which effectively mitigates the risk of shell injection.
  • [DATA_EXPOSURE]: The skill includes capabilities to read commit history and write to local files (e.g., CHANGELOG.md). These operations are restricted to local file system access as required for the tool's core functionality, with no evidence of unauthorized data access or network transmission.
  • [INDIRECT_PROMPT_INJECTION]: As the skill processes commit messages from the project's history to generate documentation, there is a theoretical surface for indirect prompt injection. However, the scripts perform structured parsing and formatting, and there is no pattern of uncontrolled interpolation into agent instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 01:01 AM
Security Audit — agent-trust-hub — changelog-generator