commit
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes `git diff --cached` to read staged code changes and `git commit -m` to perform the commit. These are standard local operations required for the skill's primary function.
- [PROMPT_INJECTION]: As the skill ingests data from git diffs (untrusted external input), it has an indirect prompt injection surface. This is mitigated by the 'Confirm and commit' workflow step, which mandates that the user review, edit, or cancel the action before the commit is executed, preventing the agent from performing unintended operations without oversight.
Audit Metadata