mc-commit

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE] (SAFE): No security issues detected. The skill file consists of markdown instructions and git command examples. A commented-out hook for local logging to a hidden directory in the user home folder was observed but is considered benign and limited to local filesystem operations.
  • [Indirect Prompt Injection] (SAFE): The skill has an attack surface for indirect prompt injection because it processes git diffs which are untrusted external data. However, this is the primary purpose of the skill.
      1. Ingestion points: git diff output from various commands like 'git diff --staged'.
      2. Boundary markers: None specified in the documentation.
      3. Capability inventory: Generation of commit message text based on input.
      4. Sanitization: None.
    The severity is marked SAFE because the analysis is a functional requirement and no high-risk capabilities are exposed to the ingested data.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:29 PM