commit-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, NO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions specify running several local Python scripts, such as scripts/smart_commit_analyzer.py and scripts/analyze_commits_ai.py, to perform code analysis and regression checks. The logic within these scripts was not available for direct inspection.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection (Category 8) as it processes data from external contributors.
  • Ingestion points: Reads commit messages and code diffs using git log and git show.
  • Boundary markers: There are no mentioned delimiters or instructions to ignore malicious commands embedded in the commit metadata.
  • Capability inventory: Performs local script execution and network communication with the DeepSeek API.
  • Sanitization: No evidence is provided regarding the sanitization or filtering of commit content before it is processed by the AI.
- [NO_CODE]: The core operational logic resides in script files that were not included in the provided content, limiting the analysis to the documented command patterns and workflow descriptions.
Audit Metadata