conventional-committer

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the terminal tool to execute git commands (status, add, commit) and Node.js package manager commands (pnpm typecheck, pnpm lint). These actions are consistent with the skill's primary purpose of managing code submissions and ensuring code quality.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it analyzes external data (git diffs and file changes) to generate commit messages.
    1. Ingestion points: File changes and status output are analyzed during message generation, as seen in the SKILL.md instructions.
    2. Boundary markers: No delimiters or specific markers are defined to separate untrusted code from analysis instructions.
    3. Capability inventory: Terminal access is used for git and pnpm operations.
    4. Sanitization: No sanitization steps are defined for the content of the changes being analyzed.
    The risk is assessed as low because the potential impact is limited to the content of the generated commit message.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 01:44 PM