Skills
skills/fradser/dotclaude/commit/Gen Agent Trust Hub

commit

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash(git:*) tool to execute git commands, including git diff, git diff --cached, git add, and git commit. Access is scoped specifically to the git binary.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted data from the repository's code changes and uses it to drive editing decisions and message generation.
  • Ingestion points: Data enters the agent's context through git diff and git diff --cached in Phase 2.
  • Boundary markers: The workflow prompt lacks delimiters (e.g., XML tags or triple quotes) to separate the untrusted diff content from the agent's instructions.
  • Capability inventory: The agent is granted Edit and Write capabilities in Phase 3 to modify files based on its analysis of the diff, and Bash capabilities in Phase 4 to finalize changes.
  • Sanitization: There is no evidence of sanitization, filtering, or validation of the content retrieved from the file system before it is processed by the model.
  • [DATA_EXPOSURE]: The skill reads .claude/git.local.md for configuration. This is a local configuration file for the agent and does not inherently expose sensitive system credentials.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 04:49 AM