commit
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use standard git commands (`git branch`, `git commit`) to perform its primary function. This is expected behavior for a version control tool.
- [EXTERNAL_DOWNLOADS]: The skill references Sentry's official engineering documentation at https://develop.sentry.dev/engineering-practices/commit-messages/ for formatting guidelines. This is a trusted vendor resource.
- [PROMPT_INJECTION]: The skill includes instructions intended to ensure the agent follows specific project standards instead of its default committing behavior. This is used for project-wide consistency and does not attempt to bypass safety guidelines.
- [PROMPT_INJECTION]: The skill processes user-provided commit messages which are then used in CLI commands, creating an indirect injection surface.
  - Ingestion points: Commit subject, body, and footer content provided by the user.
  - Boundary markers: Conventional commit structure is defined, though explicit shell-escaping instructions are not provided in the skill text.
  - Capability inventory: Execution of `git commit` commands as documented in `SKILL.md`.
  - Sanitization: The skill advises against using literal `\n` sequences to ensure correct formatting of the commit message.
Audit Metadata