logical-commits

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses standard git commands to manage the repository worktree and staging area. Findings include the use of 'git status', 'git diff', 'git add -p', and 'git commit' within SKILL.md to manage atomic changes.
  • [COMMAND_EXECUTION]: The skill executes project-standard validation scripts inferred from the environment (e.g., 'npm test', 'cargo test', 'go test') to verify that staged changes do not break the project. This execution is limited to local scripts within the user's repository.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it processes content from git diffs, which may contain data from untrusted sources.
    • Ingestion points: Git diff outputs and repository file contents processed during commit planning.
    • Boundary markers: None; the skill does not use specific delimiters to isolate diff content from the agent's instructions.
    • Capability inventory: Execution of git commands and arbitrary project scripts discovered in the worktree.
    • Sanitization: No sanitization or filtering is performed on data read from the git repository.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 01:28 AM