changelog-generator
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Uses standard git and file utilities (`git status`, `git diff`, `git log`, `cat`, `grep`) to review repository state and extract version information. These are legitimate development tools used within their intended scope.
- [PROMPT_INJECTION]: The skill processes untrusted data from git history, creating an indirect prompt injection surface.
  1. Ingestion points: `git diff --cached` and `git log --oneline --cached` (SKILL.md, command/changelog-generator.md).
  2. Boundary markers: Absent.
  3. Capability inventory: Git operations and local file writing to `package.json` and `CHANGELOG.md`.
  4. Sanitization: Absent.

  The risk is considered safe as the skill performs no dangerous external or system-level operations.
Audit Metadata