skills/atovk/skillx/git-commit-helper/Gen Agent Trust Hub

git-commit-helper

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill uses the Bash tool to run local git commands (git diff, git commit). These operations are restricted to the local environment and are essential for the skill's primary purpose.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill analyzes untrusted data in the form of git diff output, which is a known surface for indirect prompt injection (Category 8).
      • Ingestion points: The agent runs git diff to analyze code changes in SKILL.md (Step 2).
      • Boundary markers: Absent. There are no specific delimiters or instructions to the agent to ignore prompt-like strings inside the code diff.
      • Capability inventory: The skill has the ability to execute git commit via Bash.
      • Sanitization: The skill mitigates this risk by explicitly requiring a user confirmation step ("询问是否确认", i.e. "ask whether to confirm") before performing the actual commit, preventing automated execution of injected instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:38 PM