writing-commit-messages

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local version control commands (git and jj) to inspect changes and record commits.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to its ingestion of untrusted data from diffs.
    • Ingestion points: The workflow reads content from git diff or jj diff commands.
    • Boundary markers: Absent; the prompt does not use markers to distinguish code data from potential embedded instructions.
    • Capability inventory: Version control operations (git, jj) are used to read from and write to the local repository.
    • Sanitization: Absent; no filtering is applied to the retrieved diff content before it is processed by the model.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 16, 2026, 03:25 AM