conventional-commit
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of `git commit` shell commands via the integrated terminal. It specifically includes instructions for the agent to run these commands automatically without requesting explicit confirmation from the user.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it relies on the output of `git diff` to construct the commit message and subsequent shell command.
  - Ingestion points: The agent reads `git diff` and `git status` output from the local environment.
  - Boundary markers: The prompt uses XML tags for structure but does not include instructions to ignore or escape commands embedded within the diff content.
  - Capability inventory: The skill has the capability to execute shell commands and read local file statuses.
  - Sanitization: There is no process described for sanitizing or escaping the data pulled from the diff before it is used in the `git commit -m` command string.
Audit Metadata