git-commit-writer
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE (findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill includes functionality to update itself by downloading and piping a script to a shell. Evidence: In commands/droid/git-commit-writer.md, the command 'curl -fsSL https://raw.githubusercontent.com/Alcyone-Labs/agent-skills/main/install.sh | bash' is executed when the --update-skill argument is provided. This targets the official repository of the skill author, alcyone-labs.
- [EXTERNAL_DOWNLOADS]: The skill downloads an installation script from a remote repository for skill management. Evidence: The update workflow in the droid command configuration fetches 'install.sh' from the alcyone-labs GitHub organization.
- [COMMAND_EXECUTION]: The skill executes local git commands and scripts to perform its core functions. Evidence: Multiple files (SKILL.md, commands/opencode/git-commit-writer.md) invoke 'git diff', 'git log', and read project files like 'AGENTS.md'. The opencode command also executes a local 'install.sh' script.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes untrusted content from the repository.
  - Ingestion points: staged changes via 'git diff --staged', commit history via 'git log', and project files such as 'AGENTS.md' and 'README.md'.
  - Boundary markers: No specific delimiters are defined to isolate untrusted code content from the skill's instructions.
  - Capability inventory: Ability to execute git commands and read local filesystem content.
  - Sanitization: The skill does not perform sanitization or filtering on the content retrieved from git or project files before processing it.
Audit Metadata