changelog-generator
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The scripts
scripts/generate_changelog.pyandscripts/commit_linter.pyutilizesubprocess.runto interact with the Git command-line interface. The implementation follows security best practices by passing arguments as a list and avoiding the use ofshell=True, which effectively mitigates the risk of shell injection. - [DATA_EXPOSURE]: The skill includes capabilities to read commit history and write to local files (e.g.,
CHANGELOG.md). These operations are restricted to local file system access as required for the tool's core functionality, with no evidence of unauthorized data access or network transmission. - [INDIRECT_PROMPT_INJECTION]: As the skill processes commit messages from the project's history to generate documentation, there is a theoretical surface for indirect prompt injection. However, the scripts perform structured parsing and formatting, and there is no pattern of uncontrolled interpolation into agent instructions.
Audit Metadata