skills/catch6/ai-toolkits/git-commit/Gen Agent Trust Hub

git-commit

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill uses dynamic context injection (the ! prefix) to execute local git commands (git status, git diff, git log) to populate the agent's context with the current project state. These operations are standard for development workflows and do not involve unauthorized network access or sensitive file exposure.
  • [SAFE]: The implementation uses shell HEREDOCs to supply commit messages, which prevents potential command injection vulnerabilities that could arise if user-provided commit message content were parsed directly by the shell.
  • [SAFE]: The skill includes explicit safety constraints, forbidding destructive operations like force pushes or unauthorized git configuration changes, ensuring the agent operates within safe boundaries.
  • [SAFE]: The skill reads repository data (logs, diffs), which serves as a data ingestion surface; however, the use of XML-style delimiters and safe command execution patterns effectively mitigates risks associated with indirect prompt injection.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 28, 2026, 08:18 AM