commit
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute git commands such as
git diff,git stage, andgit commit. These operations are necessary for managing repository changes but allow the agent to perform actions on the local filesystem within the git context. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection during Phase 2 (Change Analysis) and Phase 3 (AI Code Quality Check). The agent analyzes the output of
git diff, which may contain untrusted data from the codebase. Malicious instructions embedded in code comments could be interpreted as commands by the AI model, potentially leading to incorrect commit metadata or the unintended removal of code. - Ingestion points: The output of
git diffandgit diff --cachedis read directly into the agent's context in Phase 2 and Phase 3. - Boundary markers: There are no delimiters or specific instructions to ignore embedded commands within the diff content in the prompt template.
- Capability inventory: The agent has access to
Write,Edit, andBash(git:*)tools, which provide the ability to modify files and the repository state. - Sanitization: The skill does not perform any sanitization or validation of the code differences before they are processed by the AI model.
Audit Metadata