git-commit-assistant
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill ingests untrusted data from source code diffs to generate commit messages and perform actions. Evidence Chain: 1. Ingestion points:
git diff --cachedinSKILL.md. 2. Boundary markers: Absent. 3. Capability inventory:git commit(file modification/write operation). 4. Sanitization: Absent. - Command Execution (HIGH): The skill dynamically assembles shell commands using generated strings (
git commit -m "<message>"). Without explicit escaping or use of a safe API, this allows for shell command injection if the generated message contains shell metacharacters.
Recommendations
- AI detected serious security threats
Audit Metadata