Skills
skills/maslennikov-ig/claude-code-orchestrator-kit/generate-changelog/Gen Agent Trust Hub

generate-changelog

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from external sources, specifically git commit messages and plan files (e.g., ".version-update-plan.json"). It lacks explicit boundary markers or instructions for the agent to ignore potentially malicious content embedded within this data, creating a surface for indirect prompt injection.
  • Ingestion points: Git commit messages via "git log" and content of ".version-update-plan.json" as described in SKILL.md.
  • Boundary markers: Absent. No instructions are provided to use delimiters or delimiters to isolate untrusted content.
  • Capability inventory: The "Bash" and "Read" tools are enabled in the skill frontmatter.
  • Sanitization: Absent. No validation or filtering instructions are provided for the ingested data.
  • [COMMAND_EXECUTION]: The skill instructs the agent to use the "Bash" tool to execute "git log" using variables "fromRef" and "toRef". If these variables are sourced from untrusted input and not properly sanitized by the agent, they could be exploited to perform command injection.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 06:28 AM
Security Audit — agent-trust-hub — generate-changelog