Git Changelog

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward git changelog helper that reads repository history and only edits CHANGELOG.md when the user asks.

This is reasonable to install if you want an agent to generate changelogs from git history. Use it in the intended repository, specify ranges or paths clearly, review generated release notes before publishing, and only ask it to update CHANGELOG.md when you are ready for a file change.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger phrase "release notes" is broad and commonly used in normal conversations about software releases, so it can unintentionally activate this skill when a user did not explicitly intend to invoke it. In an agent environment, that creates routing ambiguity and could cause the wrong automation to run, especially if other skills or built-ins also handle release-related requests.

VirusTotal

66/66 vendors flagged this skill as clean.
