auto-commit
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it processes untrusted data from the local repository.
- Ingestion points: Staged file contents are read into the agent's context via the
git diff --cachedcommand as defined in the agent instructions. - Boundary markers: The instructions do not define clear delimiters or specific directives to prevent the agent from potentially executing instructions found within the code diff.
- Capability inventory: The skill has the capability to execute shell commands, specifically
git commit, which modifies the repository state. - Sanitization: There is no evidence of sanitization or filtering of the diff content before it is processed by the agent's analysis logic.
- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute local system commands to fulfill its purpose.
- Evidence: The workflow explicitly requires the use of
git diff --cachedto gather data andgit committo perform actions.
Audit Metadata