commit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): Uses standard bash-based git commands for local repository management. No high-risk command patterns or privilege escalation detected.
- [DATA_EXFILTRATION] (SAFE): Features explicit safeguards against committing secrets, credentials, or environment files, and prohibits pushing to remote repositories without user consent.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill reads file diffs and logs to generate commit messages, which is an ingestion point for untrusted data. Evidence:
  1. Ingestion points: 'git diff' and 'git log' output.
  2. Boundary markers: Strict instructions to follow the Conventional Commits schema.
  3. Capability inventory: 'Bash' tool for command execution.
  4. Sanitization: Includes a critical rule requiring the agent to review staged changes manually before committing.
Audit Metadata