git-commit
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill defines a standard workflow for staging and committing code using the git CLI. It specifically mandates a safety protocol that prevents the agent from updating git configuration, performing destructive actions (like hard resets or force pushes), or committing sensitive files such as `.env` and private keys.
- [PROMPT_INJECTION]: As a code analysis tool, the skill processes untrusted data from the local environment via `git diff`. While this represents a surface for indirect prompt injection, the risk is mitigated by the skill's specific operational constraints and the use of secure shell practices (e.g., using quoted heredocs for commit messages to prevent command substitution).
  - Ingestion points: `git diff` and `git diff --staged` output used for message generation (SKILL.md).
  - Boundary markers: None.
  - Capability inventory: Local file staging (`git add`) and committing (`git commit`) (SKILL.md).
  - Sanitization: None.
Audit Metadata