git-commit
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill explicitly forbids the staging of sensitive files, specifically mentioning `.env`, credentials, and private keys. It also prohibits dangerous flags like `--force` or `--no-verify` and prevents modifications to the git configuration.
- [COMMAND_EXECUTION]: The skill utilizes local shell commands (`git status`, `git add`, `git commit`) to manage the file system. Security is maintained through a mandatory 'STOP' step that requires the user to manually confirm the proposed commit message and action before any commit command is executed.
- [PROMPT_INJECTION]: The skill analyzes file differences to generate commit messages, which presents a surface for indirect prompt injection from data within the repository files.
  - Ingestion points: File contents and diffs are ingested via `git diff` and `git status` (SKILL.md).
  - Boundary markers: No explicit delimiters are used to wrap the diff content when analyzed by the agent.
  - Capability inventory: The skill has the ability to stage and commit files to the local repository.
  - Sanitization: The risk is mitigated by the mandatory human review of the generated commit message prior to execution.
Audit Metadata