commit
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands including
git branch --show-currentandgit commit. While these are standard tools for the task, the dynamic construction of commit messages from external inputs could lead to command injection if the agent does not properly escape shell-active characters. - [PROMPT_INJECTION]: The skill contains a directive to "not ask the user whether to create a branch" and to "just proceed with branch creation" when on the
mainormasterbranches. This instruction explicitly overrides standard user-confirmation protocols to enforce a specific engineering policy. - [PROMPT_INJECTION]: The skill demonstrates a vulnerability surface for indirect prompt injection by interpolating untrusted data into its workflow.
- Ingestion points: Data is ingested from code diffs and external issue references (e.g., GH, Sentry, or Linear ticket descriptions) to populate commit subjects and bodies.
- Boundary markers: The instructions do not define boundary markers or delimiters to separate the instructions from the potentially untrusted data being processed.
- Capability inventory: The agent has the capability to execute
git commitcommands via the CLI, which acts as the sink for the ingested data. - Sanitization: There is no requirement or guidance provided for sanitizing or escaping the data retrieved from external sources before it is used in the
git commitcommand string.
Audit Metadata