Skills
skills/glincker/claude-code-marketplace/changelog-generator/Gen Agent Trust Hub

changelog-generator

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute git log commands to retrieve commit history from the local repository.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from commit messages that could contain malicious instructions.
  • Ingestion points: Git commit history retrieved via git log commands (SKILL.md).
  • Boundary markers: Absent. The instructions do not specify using delimiters or provide warnings to ignore embedded instructions within processed commit messages.
  • Capability inventory: Shell command execution via Bash tool and file system modification via Write tool.
  • Sanitization: Absent. The skill parses and formats commit messages directly without validation or escaping logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 6, 2026, 11:48 PM
Security Audit — agent-trust-hub — changelog-generator