changelog
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or safety violations were identified. The skill's behavior is consistent with its stated purpose of generating documentation.
- [PROMPT_INJECTION]: The skill is subject to an indirect prompt injection surface as it processes untrusted commit messages from git history.
- Ingestion points: Git commit subjects and bodies retrieved via
git login Step 2 of SKILL.md. - Boundary markers: Absent; the agent reads the commit data directly into context.
- Capability inventory: Includes the ability to execute shell commands (git) and write to local files (CHANGELOG.md).
- Sanitization: The skill employs specific filtering (Step 3) and mandatory rewriting rules (Step 5) that transform raw data into a specific format, which significantly mitigates the risk of an embedded instruction being executed as a command.
Audit Metadata