commit
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard Git commands (`git status`, `git diff`, `git commit`) to manage the repository. These operations are essential for the skill's stated purpose of automating commit creation.
- [PROMPT_INJECTION]: The skill processes untrusted data which presents a surface for indirect prompt injection.
  - Ingestion points: Data from `git diff` and `git status` output is ingested into the agent context to analyze changes.
  - Boundary markers: The skill uses HEREDOC blocks (`cat <<'EOF'`) to delimit the generated commit message during command execution.
  - Capability inventory: The skill has the capability to execute shell commands (`git`) and modify external project state via `mcp__linear-server__update_issue`.
  - Sanitization: The implementation uses single-quoted HEREDOC delimiters (`'EOF'`), which is a security best practice that prevents the shell from performing variable expansion or command substitution on the content of the commit message, mitigating risk from malicious content within diffs.
Audit Metadata