git-commit
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes local git commands including `git add`, `git log`, and `git commit`. These actions are necessary for the skill to function and are used in a manner consistent with its description. There are no attempts to use `sudo`, bypass git hooks via `--no-verify`, or push to remote repositories without authorization.
- [DATA_EXPOSURE] (SAFE): The skill contains explicit rules to avoid staging or committing sensitive files like `.env`, credentials, or API keys, which mitigates common risks associated with source control management.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill reads the output of `git log` to determine commit message style, which constitutes a surface for indirect prompt injection from repository history.
  - Ingestion points: Reads output of `git log -10 --oneline` (Phase 2, Step 5).
  - Boundary markers: Absent in the prompt instructions for log ingestion.
  - Capability inventory: `git add`, `git commit` (Phase 1 and 3).
  - Sanitization: No sanitization or validation of the log output is performed before message generation.
Audit Metadata