changelog
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several shell commands to interact with the repository history, including 'git log', 'git tag', 'git show', and GitHub CLI commands such as 'gh pr list' and 'gh pr view'. These tools are used appropriately to gather information for documenting changes.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8c) due to how it processes external pull request data. It explicitly directs the agent to 'Read the PR comments' and 'check for specific instructions' about what to exclude from the logs. An attacker could potentially influence the agent's behavior or the contents of the project's changelog by embedding malicious instructions in PR comments.\n
- Ingestion points: Data retrieved from 'gh pr view --comments', PR titles, and git commit messages.\n
- Boundary markers: Absent. The instructions do not provide delimiters or warnings to ignore instructions embedded within the ingested data.\n
- Capability inventory: The agent has the ability to execute shell commands ('git', 'gh') and modify repository files ('CHANGES.md', 'build.gradle.kts').\n
- Sanitization: Absent. The skill encourages following instructions found in external comments without validation or filtering.
Audit Metadata