commit-analyzer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill uses
git logcommands to retrieve history from the local repository. While this executes shell commands, the parameters are static and within the expected scope of the tool's purpose. - [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8). 1. Ingestion points: Git commit messages and bodies are ingested via
git log --pretty=format:%h|%s|%bin SKILL.md. 2. Boundary markers: Absent. Commit content is processed and passed to downstream tools without delimiters or instructions to ignore embedded commands. 3. Capability inventory: Analysis results are automatically fed to/claudeception, which has the capability to generate and modify agent skills. 4. Sanitization: Absent. An attacker who can influence commit history (e.g., via a pull request) could embed malicious instructions that manipulate the skill-extraction process, potentially leading to the creation of backdoored skills or unintended agent behavior.
Recommendations
- AI detected serious security threats
Audit Metadata