skills/derogab/agent-kit/commit/Gen Agent Trust Hub

commit

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses dynamic context injection (the ! syntax) in SKILL.md to gather repository information.
      • Evidence: Shell commands git diff --staged, git branch --show-current, and git log --oneline -5 are used to populate the agent's context.
      • Analysis: These commands are benign, executed locally, and are directly required for the skill's primary functionality.
  • [PROMPT_INJECTION]: The skill processes output from Git commands which serves as a surface for indirect prompt injection.
      • Ingestion points: Output of git diff --staged and git log --oneline -5 in SKILL.md.
      • Boundary markers: None present.
      • Capability inventory: Tool calls for git commit as defined in SKILL.md.
      • Sanitization: No explicit sanitization or filtering of Git output is performed.
      • Analysis: While the surface for indirect prompt injection exists, the risk is inherent to the primary purpose of a Git automation skill and is considered acceptable.
Audit Metadata
Risk Level: SAFE
Analyzed: May 3, 2026, 08:32 AM