git-commit
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute standard Git commands for managing local and remote changes. Evidence: usage of
git branch,git status,git diff,git commit, andgit pushcommands.\n- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface because it ingests data from local repository files to influence its behavior.\n - Ingestion points: Reads the content of
.github/commit-message-templatefrom the workspace.\n - Boundary markers: There are no explicit markers or instructions to treat the template content as untrusted data.\n
- Capability inventory: The skill possesses the ability to execute shell commands and modify remote repositories via network operations.\n
- Sanitization: The skill does not define specific escaping or validation for the commit message before it is interpolated into the shell command.
Audit Metadata