commit-convention
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill instructs the agent to read and mimic previous commit messages, which are untrusted external inputs. 1. Ingestion points: The agent executes
git log -n 5 --onelineto read historical data from the current repository (SKILL.md). 2. Boundary markers: No delimiters or explicit instructions are provided to the agent to treat the history as data rather than instructions. 3. Capability inventory: The skill is granted access to theBash,Read, andGreptools via the frontmatter, providing a vector for command execution if the agent is successfully injected (SKILL.md frontmatter). 4. Sanitization: There is no evidence of sanitization or validation of the commit message content before it is processed by the agent.
Audit Metadata