app-store-changelog
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script
scripts/collect_release_changes.shto gather git history and metadata. - Evidence: The 'Workflow' section instructions the agent to run the script from the repository root.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes untrusted data from git commit messages.
- Ingestion points: Git commit messages and file lists gathered in
SKILL.mdvia the collection script. - Boundary markers: Absent; the skill does not specify delimiters to separate commit messages from instructions.
- Capability inventory: Local command execution via shell scripts.
- Sanitization: Absent; the skill does not describe any filtering or sanitization of commit messages before processing.
Audit Metadata