commit-summary

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection because it ingests untrusted data from external sources and the agent has high-privilege tool access (Bash).
      • Ingestion points: Commit messages retrieved via git log and Pull Request metadata retrieved via the gh CLI.
      • Boundary markers: The output is formatted as a Markdown table, but there are no explicit instructions or delimiters to prevent the agent from following commands embedded within the commit messages.
      • Capability inventory: The skill allows the use of Bash and Read tools, providing a significant attack surface if the agent is deceived by injected instructions.
      • Sanitization: There is no evidence of sanitization or escaping of commit content before it is processed by the agent.
  • [COMMAND_EXECUTION] (MEDIUM): The skill relies on executing a local shell script (daily-commits.sh) and the GitHub CLI (gh). While these are used for the skill's core functionality, the lack of visibility into the script's source code means it cannot be verified for safe handling of shell arguments or potential injection vulnerabilities.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 07:51 AM