commit-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute git commands to determine the state of the repository and read file content. Evidence: git diff --cached --name-only and git diff --cached in SKILL.md.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by processing untrusted data from the repository codebase. 1. Ingestion points: Data enters the context via the output of git diff commands. 2. Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the analyzed code diffs. 3. Capability inventory: The agent is instructed to create git commits and modify the README.md file. 4. Sanitization: No sanitization, escaping, or validation is performed on the diff output before it is processed by the model.
Audit Metadata