skills/anthemflynn/ccmp/git-commit/Gen Agent Trust Hub

git-commit

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION · PROMPT_INJECTION · EXTERNAL_DOWNLOADS
Full Analysis
  • COMMAND_EXECUTION (LOW): The skill utilizes subprocess.run in scripts/changelog.py, scripts/validate.py, and scripts/version.py to call the git CLI. These calls are used to retrieve repository metadata and history. The execution is handled safely without the use of shell=True.
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection as it ingests untrusted data from git logs and diffs to generate summaries.
      • Ingestion points: Git log history and staged diffs processed in the SKILL.md workflows.
      • Boundary markers: Absent; the skill does not wrap repository data in specific delimiters to prevent the agent from interpreting data as instructions.
      • Capability inventory: Local git command execution and commit suggestion logic.
      • Sanitization: Limited to regex parsing within the provided Python scripts to identify commit components.
  • EXTERNAL_DOWNLOADS (MEDIUM): The documentation and skill instructions reference scripts/analyze-diff.py for 'Smart Analysis' and automated commit features. This script is missing from the provided file set, which prevents a full audit of the component responsible for automated code modification.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:27 PM