Skills
skills/cmds-cc/skills/wmill-commit/Gen Agent Trust Hub

wmill-commit

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands including git status, git diff, git log, git add, and git commit to manage repository state. These operations are directly aligned with the skill's primary purpose of automating git workflows.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from the local repository through git diff and git status. While this presents a surface where malicious file content could attempt to influence the agent's summary, the risk is minimized by the constrained scope of the task (generating a single-line commit message).
  • Ingestion points: Output from git status and git diff in SKILL.md.
  • Boundary markers: None present; the agent processes the raw output of git commands.
  • Capability inventory: The skill can stage files (git add) and create commits (git commit) as seen in the execution steps of SKILL.md.
  • Sanitization: No explicit sanitization of git output is performed before analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 6, 2026, 07:02 PM