Skills
skills/danielsogl/copilot-workflow-demo/changelog-generator/Gen Agent Trust Hub

changelog-generator

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
  • [NO_CODE]: The skill consists exclusively of markdown documentation and natural language instructions. There are no executable scripts, shell commands, or configuration files provided in the skill package.
  • [PROMPT_INJECTION]: The skill instructions create a surface for indirect prompt injection by tasking the agent with processing untrusted external data (git commit messages).
  • Ingestion points: Git commit history and local style configuration files (e.g., CHANGELOG_STYLE.md).
  • Boundary markers: The skill does not define specific delimiters or provide instructions to the agent to disregard embedded commands within commit messages.
  • Capability inventory: The agent is expected to read the local git history and write formatted output to a file (CHANGELOG.md).
  • Sanitization: No sanitization or validation steps are described for the input commit data.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 2, 2026, 12:09 AM