commit-helper

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection because it analyzes data from git diff. Malicious instructions in the code being analyzed could influence the resulting commit message.
    • Ingestion points: git diff and git diff --staged in SKILL.md.
    • Boundary markers: Absent. No instructions provided to delineate code from instructions.
    • Capability inventory: git commit in SKILL.md.
    • Sanitization: Absent.
  • COMMAND_EXECUTION (SAFE): The skill uses git diff and git commit to perform its intended tasks. These are standard commands for version control and do not represent a security risk in this context.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 19, 2026, 11:23 PM