commit
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted code changes from
git diffto generate its output. - Ingestion points: Data is ingested by reading the
git diffas described in the '信息收集' (Information Gathering) section ofSKILL.md. - Boundary markers: No specific delimiters or safety warnings are used to isolate the diff content from the agent's instructions.
- Capability inventory: The skill instructs the agent to propose a
git commitcommand for user execution in the '结果输出' (Result Output) section ofSKILL.md. - Sanitization: The skill does not explicitly sanitize the diff content; however, the requirement for user confirmation serves as a primary control against malicious output.
- [COMMAND_EXECUTION]: The skill facilitates the generation of shell commands (specifically
git commit). This behavior is safe as it includes a mandatory manual confirmation step ('y/N') ensuring the user reviews the command before execution.
Audit Metadata