pr-changelog

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes raw data from git diffs. If the code changes being summarized contain malicious instructions (e.g., within code comments), the agent could be manipulated into producing misleading changelog entries or bypassing intended behavior.
    • Ingestion points: Output of git diff main...HEAD in Step 1.
    • Boundary markers: None. There are no instructions to the agent to treat the diff output as untrusted data or to ignore embedded commands.
    • Capability inventory: Execution of git diff to read repository state.
    • Sanitization: None. The skill directly processes the diff output.
  • [COMMAND_EXECUTION]: The skill executes git diff main...HEAD to retrieve the data necessary for generating a changelog. This is a standard and expected operation given the skill's stated purpose.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 12:30 PM