Skills
skills/claude-code-community-ireland/claude-code-resources/conventional-commits/Gen Agent Trust Hub

conventional-commits

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from local file changes, which creates a surface for indirect prompt injection where malicious instructions inside a file could manipulate the AI's behavior.
  • Ingestion points: The output of the "git diff --staged" command is used as the primary input for analysis (SKILL.md).
  • Boundary markers: The instructions do not define clear delimiters or warnings to ignore embedded instructions within the diff content.
  • Capability inventory: The skill is focused on text generation and does not have secondary capabilities like network access or arbitrary code execution.
  • Sanitization: No filtering or sanitization is performed on the content of the staged changes before processing.
  • [COMMAND_EXECUTION]: The skill requires the execution of the "git diff --staged" command on the local system. This is an expected and necessary operation for the skill's core functionality.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 26, 2026, 10:57 PM