Skylv Changelog Release Manager

Security checks across malware telemetry and agentic risk

Overview

This is a simple markdown-only changelog helper with no code, install script, credentials, network access, or persistence.

Safe to install for drafting changelogs from git history. Review generated release notes before publishing, and be aware it may be selected for general changelog or release-note requests because its trigger language is broad.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 93%
Finding
The skill declares a very generic trigger term, "changelog-generator", while the description and examples also reference broad phrases like "generate changelog" and "release notes". Broad or ambiguous triggers can cause the skill to activate on ordinary user requests unintentionally, increasing the chance of inappropriate routing or execution in contexts where the user did not explicitly intend to invoke this skill.

VirusTotal

65/65 vendors flagged this skill as clean.
