commit-helper
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted external data (git diffs) which creates a surface for indirect instructions to influence agent behavior.
- Ingestion points: The skill executes
git diff --staged(defined in SKILL.md instructions) to read file contents into the context. - Boundary markers: Absent. The prompt does not use delimiters or explicit 'ignore instructions' warnings when processing the diff output.
- Capability inventory: The skill is granted
Bash(git:*)permissions, allowing it to perform any git operation, including commits. - Sanitization: Absent. There is no logic to filter or escape content found within the diffs before they are processed by the LLM.
Audit Metadata