commit
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill utilizes shell commands to interact with the git binary. While the subcommands are restricted to 'status', 'add', and 'commit', the arguments (filenames) are dynamically generated from the repository state, allowing for potential command injection if filenames contain shell metacharacters.
- [Indirect Prompt Injection] (MEDIUM): (Category 8)
- Ingestion points: Reads repository state via `git status` in SKILL.md.
- Boundary markers: Absent. No delimiters or instructions are used to separate untrusted filenames from agent instructions.
- Capability inventory: Includes `git add <file>` and `git commit -m <message>`, which are write-capable operations that modify repository history.
- Sanitization: Absent. No validation is performed on filenames before they are passed to the shell.
- Risk: An attacker could place files in a repository with names designed to manipulate the agent's logic or escape the intended command structure.
Audit Metadata