conventional-commits
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses standard git commands (`git status`, `git diff`, `git add`, `git commit`) to fulfil its primary purpose of generating commit messages. These operations are restricted to the local repository.
- [COMMAND_EXECUTION]: The skill executes shell commands to interact with the git CLI. The commit message is passed through a HEREDOC with a quoted delimiter (`cat <<'EOF'`), which stops the shell from performing parameter and command substitution inside the message body; this is the recommended way to avoid shell injection and quoting errors during the commit step.
- [DATA_EXPOSURE]: The skill reads repository state via `git diff HEAD`. This is an intended function for analysing code changes in order to generate accurate commit descriptions and does not involve sending data to external servers.
- [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface where it processes untrusted data (file diffs). It lacks explicit boundary markers instructing the model to ignore instructions embedded in code changes, but its limited capability (generating a commit message) keeps the impact of a successful injection low. This is a common characteristic of development-focused skills.
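The following is an added example, not code from the audited skill or from Gen Agent Trust Hub, showing why the quoted HEREDOC noted under COMMAND_EXECUTION matters. The commit message body is constructed here to resemble text a model might copy out of a diff, with `$(...)`, backticks and a `$INJECT` variable standing in for attacker-influenced content; the function and variable names are the example's own. The weak variant uses an unquoted delimiter, the safe variant the quoted `<<'EOF'` form the audit describes, and the last function commits with that form in a throwaway repository.

```shell
#!/bin/sh
# Added example (not part of the audited skill): quoted vs. unquoted HEREDOC
# when an LLM-generated commit message may contain text lifted from a diff.

# Constructed stand-in for something attacker-controlled in the environment.
INJECT=EXPANDED

# Weak variant: the delimiter is unquoted, so the shell performs command and
# parameter substitution inside the body before the text reaches `cat`.
render_unquoted() {
    cat <<EOF
feat(parser): handle $(echo EXPANDED) in headers

Body copied from diff: `echo EXPANDED` and $INJECT
EOF
}

# Safe variant (the pattern the audit credits): quoting the delimiter makes
# the body literal, so $(...), backticks and $VAR are passed through unchanged.
render_quoted() {
    cat <<'EOF'
feat(parser): handle $(echo EXPANDED) in headers

Body copied from diff: `echo EXPANDED` and $INJECT
EOF
}

# The same quoted HEREDOC feeding `git commit -m "$(cat <<'EOF' ...)"`, run in
# a scratch repository so it can be tried without touching real work. Prints
# the stored message so the reader can confirm nothing was expanded.
commit_in_scratch_repo() {
    tmp=$(mktemp -d) || return 1
    (
        cd "$tmp" && git init -q . &&
        git -c user.name=demo -c user.email=demo@example.com \
            -c commit.gpgsign=false \
            commit -q --allow-empty -m "$(cat <<'EOF'
feat(parser): handle $(echo EXPANDED) in headers

Body copied from diff: `echo EXPANDED` and $INJECT
EOF
)" &&
        git log -1 --format=%B
    )
    status=$?
    rm -rf "$tmp"
    return "$status"
}

# Demo run when executed directly; skipped where git is not installed.
if command -v git >/dev/null 2>&1; then
    commit_in_scratch_repo || echo "scratch commit failed" >&2
fi
```

Two caveats a practitioner should keep in mind: the quoted HEREDOC protects only against the shell interpreting the message, and it still ends the body early if a line consisting solely of the delimiter (`EOF` here) appears in the generated text; and it does nothing for the separate INDIRECT_PROMPT_INJECTION surface, where the model itself reads instructions embedded in the diff before any shell command is formed.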
Audit Metadata