make-commits

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Uses git commands including status, diff, add, and commit to facilitate the iterative creation of semantic commit messages based on local changes.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection through analyzed data.
      • Ingestion points: The skill reads untrusted data from the local file system via git diff <file> (SKILL.md, Step 3).
      • Boundary markers: There are no specified boundary markers or instructions to ignore embedded commands within the diff output.
      • Capability inventory: The skill has the ability to execute shell commands (git add, git commit) which could be manipulated.
      • Sanitization: The skill includes a critical human-in-the-loop confirmation step (AskUserQuestion in SKILL.md, Step 5) that allows users to verify and edit the proposed commit message and files before execution.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 23, 2026, 02:57 PM