use-git-agent
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to "immediately run git-agent commit" upon loading and explicitly tell the agent "Do not ask the user what to do," which bypasses standard user review and confirmation steps for command execution.
- [PROMPT_INJECTION]: The skill involves processing untrusted data (git diffs and staged files) through an AI model to generate commit messages, creating a surface for indirect prompt injection.
- Ingestion points: Git diff output and staged file contents are processed by the tool (SKILL.md, references/cli.md).
- Boundary markers: The documentation notes that trailers never enter the LLM context and that bullets are generated as a JSON array, providing some structural boundaries.
- Capability inventory: The skill executes the
git-agentCLI tool which performs file system read/write operations (staging and committing). - Sanitization: No specific sanitization or filtering of the diff content is described in the provided documentation beyond the use of structured JSON for specific output fields.
Audit Metadata