commit
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is highly vulnerable to instructions embedded within the data it processes.
- Ingestion points: The agent reads the output of
git diff, which contains arbitrary text from the project's source code. - Boundary markers: Absent. The instructions do not define clear delimiters or warn the agent to ignore instructions found within the code changes.
- Capability inventory: The skill has the authority to execute shell commands including
git add,git commit,pnpm lint, andpnpm typecheck(SKILL.md). - Sanitization: None. The agent directly interprets the diff to 'decide' on commit logic.
- [Command Execution] (MEDIUM): The skill explicitly instructs the agent to run system commands (
git,pnpm). While standard for a dev tool, this provides a direct lateral movement path if a prompt injection occurs.
Recommendations
- AI detected serious security threats
Audit Metadata