commit
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses several git commands including `git status`, `git log`, `git diff`, `git add`, and `git commit` to manage the local development workflow. These are necessary for its primary function and do not involve remote execution.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface by analyzing user-controlled content in git diffs and logs.
  1. Ingestion points: `git diff` (Step 1) and `git log` (Step 0) in `SKILL.md`.
  2. Boundary markers: The instructions do not specify delimiters for isolating diff content during analysis.
  3. Capability inventory: The skill can stage files and create commits via `git add` and `git commit` (Step 6).
  4. Sanitization: No sanitization of the diff text is performed before it is processed by the AI for code review. This risk is minimized by the interactive confirmation UI in Step 6.
Audit Metadata