skills/conor-yek/skills/commit-msg/Gen Agent Trust Hub

commit-msg

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the analysis of code diffs.
      • Ingestion points: Untrusted data from code changes is read via git diff and git diff --cached in the execution steps.
      • Boundary markers: No delimiters are used to isolate the diff data from the agent's instructions.
      • Capability inventory: The skill can perform file staging with git add -A and create commits with git commit -s.
      • Sanitization: No filtering or validation of the code content is performed before processing.
      • Remediation: Wrap the code diff output in unique delimiters and explicitly instruct the agent to ignore any natural language instructions found within the code changes.
  • [COMMAND_EXECUTION]: The skill executes local shell commands to manage the git repository.
      • Evidence: The execution steps include calls to git status, git diff, git add -A, and git commit -s. These are consistent with the skill's primary purpose.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 06:39 AM