commit-message

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches an installation script from the author's official GitHub repository at 'github.com/appleboy/CodeGPT'.
  • [REMOTE_CODE_EXECUTION]: The installation process involves downloading a script and executing it via the shell ('curl | bash'). This is a documented vendor-provided installation method.
  • [COMMAND_EXECUTION]: The skill requires the execution of several local commands, including 'git', 'codegpt', and shell configuration functions to manage commit workflows.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it processes untrusted data from staged git diffs to generate commit messages.
      ◦ Ingestion points: Processes file content changes through git diff analysis.
      ◦ Boundary markers: None explicitly defined in the skill instructions.
      ◦ Capability inventory: Possesses the ability to write to the local git history by creating commits.
      ◦ Sanitization: No specific sanitization or filtering of diff content is described.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 7, 2026, 09:23 PM