Skills
skills/mathews-tom/praxis-skills/changelog-composer/Gen Agent Trust Hub

changelog-composer

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill workflow requires the agent to execute shell commands using standard tools, specifically git and gh (GitHub CLI), to fetch repository metadata and history (see SKILL.md, Workflow Phase 1).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its processing of external, untrusted text data.
  • Ingestion points: Repository data including commit messages and PR descriptions are fetched via git log and gh pr list and passed to the agent for analysis (SKILL.md).
  • Boundary markers: The instructions do not implement boundary markers or specific guidance to ignore potential instructions embedded within the git history or PR content.
  • Capability inventory: The skill leverages CLI tools to read repository history and structure changes into human-readable formats.
  • Sanitization: There are no explicit sanitization steps defined to filter malicious payloads or directives that might be present in PR descriptions or commit bodies.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 11:32 AM