commit
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is susceptible to Indirect Prompt Injection due to its core workflow of processing external, untrusted content.
- Ingestion points: Untrusted data enters the agent context through git diff --cached, git log, and the Read tool when exploring touched files (Workflow steps 1, 2, and 3).
- Boundary markers: The instructions do not define clear delimiters or use "ignore embedded instructions" warnings to separate the untrusted data from the agent's internal logic.
- Capability inventory: The agent has the power to execute shell commands via Bash(git:*) and Bash(fmt:*), which allows for persistent changes to the repository's state.
- Sanitization: There is no evidence of sanitization, filtering, or validation of the diff content or file data before it is analyzed by the LLM.
- COMMAND_EXECUTION (MEDIUM): The skill relies on the Bash tool to perform git operations. While the tool is restricted to git and fmt subcommands, an attacker who successfully achieves indirect prompt injection could potentially manipulate the commit process, for example by crafting a commit message that triggers malicious git hooks or by misusing git configurations if the tool constraints are insufficiently robust.
Recommendations
- AI detected serious security threats