oma-commit
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several git commands including
git status,git diff --staged,git log,git add, andgit committo manage repository changes. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted data from the repository via
git diffto generate commit messages. The instruction to 'proceed immediately without asking for confirmation' after showing the message bypasses a critical human-in-the-loop safety check, potentially allowing malicious content within a file's diff to influence the agent's output or actions. - [CREDENTIALS_UNSAFE]: Hardcoded identity information (email:
our.first.fluke@gmail.com) is present in the configuration and skill instructions for commit attribution. While not a secret key, hardcoding specific identity markers can lead to unintended attribution of changes. - [DATA_EXPOSURE]: The skill accesses local file content and git history to perform its primary function. While necessary for operation, this access could be abused if the agent is manipulated into staging or committing sensitive files (e.g.,
.env), despite the providedforbidden_patternsblacklist.
Audit Metadata