git-commit-message
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by processing arbitrary content from git staged changes without adequate isolation.
- Ingestion points: The skill reads external data via the `git diff --cached` command in SKILL.md.
- Boundary markers: There are no delimiters or instructions to treat the output of the git command as untrusted data or to ignore any instructions embedded within the code changes.
- Capability inventory: The skill's capabilities are limited to reading git state and generating text; it does not perform network operations or file writes based on the processed content.
- Sanitization: No sanitization or escaping is performed on the data retrieved from the git index before it is passed to the language model.
Audit Metadata