git-commit
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local git commands including status, diff, add, and commit operations. It specifically uses a quoted HEREDOC pattern ('EOF'), which is a recognized security best practice to prevent the shell from interpreting or executing content within the commit message body.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it reads file contents to generate commit messages.
  - Ingestion points: Repository file changes are read through 'git diff' as described in SKILL.md.
  - Boundary markers: No explicit boundary markers or delimiters are used for the diff output.
  - Capability inventory: The skill has the capability to stage files and execute commits.
  - Sanitization: The use of quoted HEREDOCs in the workflow provides a layer of protection by ensuring the shell does not evaluate any potentially malicious instructions that might be present in the generated message.
Audit Metadata