utility-pm-changelog-curator
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructions direct the agent to 'Execute the system prompt body in [subagents/pm-changelog-curator.md] as your operating instructions'. This pattern of dynamic instruction loading from external files creates a dependency on the integrity of the referenced file within the repository.
- [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface. Untrusted data enters the agent context via `git log` output (commit messages) as described in `SKILL.md`. Boundary markers or 'ignore' instructions are absent to delimit this external content. The agent has capabilities to execute shell commands and read/write files. No sanitization or validation of commit message content is mentioned before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill requires shell access to execute `git` commands such as `git log`, `git describe`, and `git status` to retrieve the repository history necessary for its stated purpose.
Audit Metadata