git-commit-helper
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is susceptible to Indirect Prompt Injection. It ingests untrusted code differences from 'git diff' and uses the AI to analyze them while possessing Bash execution capabilities. An attacker could craft a code change containing hidden instructions to manipulate the agent. \n
- Ingestion points: 'git diff --staged' and 'git diff --staged --name-only' executed via Bash tool. \n
- Boundary markers: Absent. The instructions do not specify delimiters for the diff data. \n
- Capability inventory: 'Bash' tool allowed, 'Read' tool allowed. \n
- Sanitization: Absent. No mention of filtering or escaping diff content before processing. \n- COMMAND_EXECUTION (MEDIUM): The skill relies on the 'Bash' tool to perform its analysis. While intended for git commands, this capability increases the potential impact of an injection attack. \n- DATA_EXFILTRATION (LOW): The skill documentation mentions potential network access to 'api.github.com' for fetching issue details. This is an external network request to a domain not included in the standard whitelist. \n- Persistence (LOW): The skill provides example code for a git 'prepare-commit-msg' hook. While not an automated action, modifying git hooks is a standard persistence mechanism.
Recommendations
- AI detected serious security threats
Audit Metadata