git-committer
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on executing local system commands to perform its core function.
  - Evidence: The instructions direct the agent to use git status, git diff, cat, and sed to inspect the repository and read file content for summarization.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes untrusted file content.
  - Ingestion points: File data is read into the context via cat and git diff as specified in SKILL.md.
  - Boundary markers: The prompt lacks delimiters or specific instructions to the agent to treat file content as data only and ignore embedded instructions.
  - Capability inventory: The skill has the capability to read file contents and execute git commands.
  - Sanitization: No content filtering or sanitization is performed on the data retrieved from the files before it is processed by the model.