Skills
skills/arisng/github-copilot-fc/git-commit-scope-constitution/Gen Agent Trust Hub

git-commit-scope-constitution

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/extract_scopes.py executes the git log command via subprocess.run to retrieve history for analysis. The command is constructed as a list without shell=True, which is a safe practice.
  • [PROMPT_INJECTION]: The skill processes git commit history, creating a surface for indirect prompt injection. Malicious instructions could be embedded in commit messages to influence the agent's reasoning when it drafts the constitution.
  • Ingestion points: Commit messages processed in scripts/extract_scopes.py.
  • Boundary markers: None.
  • Capability inventory: The agent can write to files like .github/git-scope-constitution.md.
  • Sanitization: No validation or sanitization is performed on commit message content.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 11:17 PM