commit
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill facilitates standard version control workflows using local Git commands and the platform-integrated /sc:git command.
- [PROMPT_INJECTION]: An indirect prompt injection surface is present because the skill ingests untrusted data from git diff to generate commit messages.
- Ingestion points: The skill reads output from git status and git diff (SKILL.md).
- Boundary markers: No specific delimiters or instructions to ignore instructions within the diff are provided to the agent.
- Capability inventory: The skill executes shell commands (git status, git diff) and the /sc:git command, which includes file-write (commit) and network (push) capabilities.
- Sanitization: No explicit sanitization or validation of the diff content is performed prior to processing for message generation.
Audit Metadata