committing-code

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes Git commands using the Bash tool to gather the current repository state including status, diffs, and logs.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it analyzes untrusted data from the local repository environment.
    • Ingestion points: Data from git status, git diff, and git log (including file names and commit messages) enters the agent context in SKILL.md.
    • Boundary markers: No delimiters or 'ignore instructions' warnings are present to isolate the git output from the agent's instructions.
    • Capability inventory: The skill employs the Bash tool to execute git operations, including those that modify the repository state.
    • Sanitization: No sanitization or escaping is performed on the results of the git commands before they are processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 11:00 AM