commit

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE (findings: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted input from the local git repository (history and file changes) to generate commit messages, which represents an indirect prompt injection surface.
  • Ingestion points: The agent reads and processes output from git status, git diff, and git log (SKILL.md).
  • Boundary markers: Absent; command output is processed directly without specific delimiters or isolation.
  • Capability inventory: The skill is capable of executing shell commands to stage files and create commits.
  • Sanitization: The skill uses a quoted HEREDOC ('EOF') for commit messages, which prevents variable and command expansion by the shell.
  • [COMMAND_EXECUTION]: The skill executes local git CLI commands. It includes instructions to avoid git add ., which reduces the risk of accidentally committing sensitive files such as secrets or configuration. While the quoted HEREDOC pattern for commits is generally robust, it may be susceptible to command injection if a line of the drafted message consists of the literal delimiter string (e.g., EOF), since that would terminate the HEREDOC early and leave the remaining lines to be interpreted by the shell.
  • [SAFE]: No malicious patterns, persistence mechanisms, or unauthorized network operations were detected. The skill's functionality is consistent with its stated purpose as a developer productivity tool.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 24, 2026, 10:25 AM