conventional-committer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface (Category 8). The skill analyzes local source code changes to generate commit messages. Because it lacks explicit boundary markers or sanitization, malicious instructions embedded within the code being committed could potentially influence the agent's behavior during the analysis phase.
- Ingestion points: Analysis of changes in the working directory (Instruction 6).
- Boundary markers: None specified to distinguish between code content and agent instructions.
- Capability inventory: Terminal access to execute git and pnpm commands.
- Sanitization: No sanitization or escaping of analyzed content is mentioned.
- COMMAND_EXECUTION (SAFE): The skill executes standard development commands (git add, git commit, pnpm lint, pnpm typecheck). These operations are restricted to the local repository and are essential for the skill's primary purpose. No high-severity patterns like sudo or remote script piping were detected.
Audit Metadata