commit
Pass
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: LOW NO_CODE
Full Analysis
================================================================================
✅ VERDICT: SAFE
This skill is a set of instructions for an AI to perform Git commit operations. It is well-defined and restricts the AI's actions to a specific set of benign Git and linting commands via the allowed-tools manifest. The skill does not contain any executable code, scripts, or instructions for downloading external content.
Total Findings: 2
🔵 LOW Findings: • Reliance on Local Development Tools
- Line 10: The skill instructs the AI to run pnpm lint, npm run lint, yarn lint, and bun lint. While these are not external downloads initiated by the skill, they represent a dependency on the user's local environment having these tools installed. This is a common and expected pattern for development-focused skills and does not pose a direct security risk from the skill itself.
ℹ️ TRUSTED SOURCE References: • Indirect Prompt Injection Risk (General)
- Line 20: The skill instructs the AI to perform a git diff and analyze its output. Any skill that processes user-controlled or external text (like git diff output, which reflects repository content) carries an inherent, general risk of indirect prompt injection. However, the skill's instructions are to analyze the diff for logical changes, not to execute any content found within it. The skill does not introduce specific vulnerabilities beyond the general risk of LLMs processing untrusted input.
================================================================================
Audit Metadata