conventional-committer
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the terminal tool to execute git commands (staging, status, and committing) and quality assurance scripts (pnpm typecheck, pnpm lint). These actions are restricted to the local environment and align with the skill's primary purpose.
- [PROMPT_INJECTION]: The skill analyzes file changes to generate commit messages, creating a surface for indirect prompt injection. Maliciously crafted code or comments could attempt to influence the generated commit message content.
  - Ingestion points: Analyzes project file content and git status output (referenced in SKILL.md).
  - Boundary markers: No explicit delimiters or "ignore embedded instructions" markers are defined for the analysis phase.
  - Capability inventory: The skill utilizes the terminal tool to execute commands based on generated content.
  - Sanitization: The instructions do not specify sanitization or escaping of the generated message before it is passed to the shell command.