git-commit
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No instructions were found that attempt to override system prompts, bypass safety filters, or use 'jailbreak' techniques.
- [DATA_EXFILTRATION]: The skill contains logic to prevent the exfiltration of sensitive data. It explicitly forbids automatic
git pushoperations and requires user confirmation if the privacy scanner detects high-risk files or keywords. It uses secure SSH protocols for remote configurations. - [CREDENTIALS_UNSAFE]: No hardcoded API keys, tokens, or private keys were found. Instead, the skill actively monitors for these items to warn the user against committing them.
- [COMMAND_EXECUTION]: The skill uses standard Git commands (
init,add,commit,remote set-url) necessary for its stated purpose. There are no patterns suggesting arbitrary shell execution or unauthorized system modifications. - [EXTERNAL_DOWNLOADS]: The skill does not perform any external package installations or remote script executions.
- [PROMPT_INJECTION]: Indirect surface detected as the skill reads local files to categorize project types and scan for secrets.
- Ingestion points: Local project files (SKILL.md workflow steps 2, 4, and 5).
- Boundary markers: Not explicitly defined in the prompt templates.
- Capability inventory: Limited to Git repository management commands (
git init,add,commit,remote). - Sanitization: Includes a privacy scanner to identify and filter high-risk content before processing. Given the restricted capabilities, the risk of instruction injection from file content is negligible.
Audit Metadata