commit
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local developer commands including git and pnpm (pnpm lint, pnpm build, git commit) to analyze and update the repository. These operations are essential for the skill's stated purpose of automating commits.
- [DATA_EXPOSURE]: The skill reads the repository's staged changes via git diff. It contains a specific safety rule to identify and warn the user before staging potentially sensitive items such as .env files, credentials, or secrets, which demonstrates a proactive security posture.
- [PROMPT_INJECTION]: The skill includes an indirect prompt injection surface (Category 8) as it processes untrusted code changes from the repository. However, it mitigates risk by using a HEREDOC (EOF) pattern when executing the git commit command, ensuring that the generated message is treated as a string and not as executable shell code.
- Ingestion points: Reads repository data via git diff --staged (SKILL.md).
- Boundary markers: Utilizes HEREDOC (EOF) for shell command isolation.
- Capability inventory: Executes local subprocesses for pnpm and git (SKILL.md).
- Sanitization: Relies on the user to approve changes and uses secure string literal wrapping in the CLI.
Audit Metadata