conventional-committer

Warn

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The metadata identifies the author as 'GitHub Copilot', which conflicts with the provided author context 'caomeiyouren'. This is deceptive metadata that could lead to a misjudgment of the skill's trustworthiness.
  • [COMMAND_EXECUTION]: The skill utilizes the terminal tool to execute shell commands such as git add, git status, git commit, pnpm typecheck, and pnpm lint. While appropriate for the skill's purpose, this represents a direct command execution capability.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by instructing the agent to verify the output of an external agent ('Quality Guardian') and by processing local repository changes without specified sanitization. Mandatory Evidence Chain: (1) Ingestion points: Git repository files and user-provided descriptions. (2) Boundary markers: Absent. (3) Capability inventory: Terminal access for git and pnpm commands. (4) Sanitization: No sanitization described for commit messages generated from code changes.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 1, 2026, 11:55 AM