2-commit-fast
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the
git commitcommand using an AI-generated message without a human-in-the-loop (HITL) confirmation step. This is a security risk because the content of the commit message is derived from untrusted input (the diff of changed files).- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from the local environment that could contain malicious instructions. - Ingestion points: The agent reads untrusted content through
git diff --cachedandgit log --oneline -20(SKILL.md). - Boundary markers: There are no explicit delimiters or instructions to treat the diff content as data only, increasing the risk that the AI might follow instructions embedded in the code changes.
- Capability inventory: The skill uses shell command execution to perform commits (SKILL.md).
- Sanitization: While the skill uses a single-quoted heredoc (
'EOF') to mitigate simple shell expansion, it does not implement sanitization or validation of the generated message to prevent it from containing characters that could terminate the command and execute a second one.
Audit Metadata