commit-work
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill possesses a high-risk indirect prompt injection surface because it ingests untrusted data from the repository being committed and uses that data to determine and execute commands.
  - Ingestion points: File contents, git diff output, and repository metadata (SKILL.md).
  - Boundary markers: Absent; there are no instructions to delimit or ignore instructions within the processed data.
  - Capability inventory: Execution of git commands and arbitrary shell commands for 'verification' (tests, lint, build) as specified in step 7 of SKILL.md.
  - Sanitization: Absent; the skill does not validate the safety of the verification scripts before execution.
- [Command Execution] (MEDIUM): The skill workflow relies on the execution of multiple system commands (git status, git diff, git add, git commit). While these are standard operations, performing them on untrusted file paths or incorporating untrusted commit messages into shell commands carries a risk of command injection if the agent's execution environment does not properly sanitize inputs.
Recommendations
- AI detected serious security threats
Audit Metadata