gitmoji-commits
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The AGENTS.md file instructs users to install a validation tool from an untrusted GitHub repository (github.com/agentskills/agentskills.git). This represents an unverifiable dependency that could lead to supply chain attacks.
- REMOTE_CODE_EXECUTION (HIGH): The workflow in SKILL.md explicitly directs the agent to execute 'npm test' or 'npm run build'. If an attacker manages to inject malicious scripts into a project's package.json or test files, the agent would execute this code with the user's local privileges.
- COMMAND_EXECUTION (MEDIUM): The skill relies on several shell commands including 'git' operations and project-specific build tools. These are high-privilege operations in an automated context that can be manipulated by malicious input.
- PROMPT_INJECTION (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8) as it ingests untrusted data from 'git diff' and 'git status' outputs. A malicious payload embedded in a file being reviewed could trick the agent into performing unauthorized actions or omitting safety checks during the commit process.
  1. Ingestion points: 'git diff' and 'git status' output in SKILL.md.
  2. Boundary markers: Absent; there are no instructions to the agent to treat diff content as untrusted data rather than instructions.
  3. Capability inventory: 'git commit', 'npm test', 'npm run build'.
  4. Sanitization: Absent; the agent is encouraged to analyze diff content directly without filtering.
Recommendations
- AI detected serious security threats