contextual-commit
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were detected. The skill consists entirely of instructional text to guide an agent in formatting commit messages.
- [DATA_EXPOSURE]: The skill uses
git diff --cached --statto inspect staged changes. This is standard functionality for version control tasks and does not involve accessing sensitive configuration files outside of the repository context. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data (git diffs and user input) to generate commit summaries. While this creates a surface for indirect prompt injection (e.g., an attacker placing instructions in code comments to influence the commit message), the skill's capability is limited to text generation, posing a low risk to the system.
Audit Metadata