git-commit-expert
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Data Exposure & Exfiltration (SAFE): The skill includes non-negotiable security protocols that explicitly prevent the commitment of secrets, credentials, and environment files (.env). It does not contain any network exfiltration patterns.
- Command Execution (SAFE): The skill executes standard development tools (git, npm, pytest, cargo) for the purpose of code verification. It explicitly forbids dangerous flags such as
--force,--hard, or--no-verifyunless specifically requested by the user, adhering to the principle of least privilege. - Prompt Injection (SAFE): No malicious override or bypass instructions were detected. The skill instructions reinforce agent safety and professional conduct.
- Indirect Prompt Injection (LOW):
- Ingestion points: Reads project files (
package.json,README.md,Makefile) and repository history (git log,git diff). - Boundary markers: Employs a 'Decision Protocol' and 'Interaction Strategy' to maintain logical control.
- Capability inventory: Execution of local build/test toolchains and git management.
- Sanitization: Standard for development agents; the risk is mitigated by the safety-first commit protocols.
Audit Metadata