commit-work
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE] (SAFE): The skill performs standard Git operations (git add, git diff, git commit) to manage local source code.
- [CREDENTIALS_UNSAFE] (SAFE): The skill includes explicit instructions for the agent to check for and prevent the staging of secrets or tokens during the commit process (found in SKILL.md and README.md).
- [COMMAND_EXECUTION] (LOW): The skill suggests running local verification steps like unit tests or linters. This is expected behavior for a development tool and is limited to the user's project environment.
- [PROMPT_INJECTION] (LOW): The skill processes external data (file diffs). While an attacker could theoretically place instructions in a file being committed, the skill's logic is restricted to Git management and does not interpret file content as commands. Mandatory Evidence Chain: 1. Ingestion points: git diff output. 2. Boundary markers: None. 3. Capability inventory: git commands, local test/lint scripts. 4. Sanitization: None.
Audit Metadata