git-commit-summarizer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill ingests commit messages from git history, which are considered untrusted external data. These messages are interpolated directly into markdown reports without sanitization or protective delimiters. Evidence: Ingestion point at
git_commit_analyzer.py(line 74), output generation inreport_generator.py(line 89). The skill possesses file-write capabilities (report_generator.py, line 170) and command execution capabilities (git_commit_analyzer.py, line 60), creating a high-risk surface for downstream agent exploitation. - Command Execution (LOW): The skill uses
subprocess.runto execute git commands. While it avoids shell injection by using a list of arguments, theusernamesinput is used to construct the--authorflag without validation (line 61), which is a best-practice violation and could potentially lead to argument manipulation within the git command context.
Recommendations
- AI detected serious security threats
Audit Metadata