oma-commit
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill automates version control by executing shell commands like
git addandgit commit. - [PROMPT_INJECTION]: In Step 5, the skill explicitly tells the agent to "proceed immediately without asking for confirmation". This behavior suppresses user oversight, which is a security concern when the agent performs write operations like committing code.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). It analyzes untrusted content from
git diffto generate commit messages and select files for staging without sanitization or boundary markers. 1. Ingestion points: The agent reads the output ofgit statusandgit diffinSKILL.md. 2. Boundary markers: None; untrusted diff data is processed directly. 3. Capability inventory: The skill can stage files (git add) and record changes (git commit) as seen inSKILL.md. 4. Sanitization: There is no logic to escape or validate the content of the changes being analyzed.
Audit Metadata