smart-commit
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill constructs and executes shell commands using variables extracted from untrusted session history, specifically 'git commit -m "{type}: {message}"'. If the session data contains shell metacharacters like semicolons or backticks, it allows for arbitrary command execution.
- [PROMPT_INJECTION] (HIGH): This skill is vulnerable to Indirect Prompt Injection (Category 8). 1. Ingestion points: The skill reads untrusted session history from '~/.claude/projects/' via 'parse-session.py'. 2. Boundary markers: No delimiters or sanitization steps are defined to separate instructions from data. 3. Capability inventory: The skill can execute file staging and commits via git. 4. Sanitization: There is no evidence of sanitization for the messages extracted from the session. A malicious session history could manipulate the agent into performing unintended repository actions.
- [DATA_EXPOSURE] (MEDIUM): The skill accesses Claude's internal session history files which often contain sensitive information like API keys, code snippets, and internal project paths.
Recommendations
- AI detected serious security threats
Audit Metadata