gen-commit-msg
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes standard git commands including diff, status, commit, and log to perform repository operations. All commands are purpose-built for the stated function.
- [DATA_EXPOSURE] (SAFE): The skill reads repository changes via git diff to generate messages. While this exposes local code to the model, no external network calls or exfiltration attempts were detected.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill possesses an indirect prompt injection surface because it processes untrusted data from the git diff of edited files without sanitization or explicit boundary markers. 1. Ingestion points: Output from git diff and git status in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: git commit, git tag (shell-based execution). 4. Sanitization: No sanitization or escaping of diff content is performed before processing.
Audit Metadata