changelog-automation
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill defines workflows that ingest data from external git commit logs to generate release notes and changelogs. An attacker who can commit to the repository could include malicious instructions in commit messages designed to mislead the AI agent or influence its behavior during the release process.
- Ingestion points: Git commit history accessed via
git logcommands in SKILL.md. - Boundary markers: Absent; the instructions do not suggest delimiters or warnings to ignore instructions within the processed data.
- Capability inventory: Execution of shell commands for Git parsing and GitHub CLI (
gh release create) for creating releases. - Sanitization: Absent; the provided scripts use basic filtering (
grep,sed) which provides no protection against prompt injection.
Audit Metadata