commit
Fail
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill has a high-risk attack surface for indirect injection. It processes untrusted data from the local repository and has the authority to execute state-changing git commands.
- Ingestion points: The skill reads file contents and changes using
git statusandgit diff. - Boundary markers: There are no instructions provided to the agent to treat file content as data only or to ignore instructions found within the code diffs.
- Capability inventory: The skill can execute
git addandgit committo modify the repository state. - Sanitization: No sanitization or validation of the file content is performed before the agent processes it to generate commit messages or decide on staging.
- Command Execution (LOW): The skill uses standard git commands (
git status,git diff,git add,git commit). While these are legitimate for a git-focused skill, they provide the mechanism through which an indirect prompt injection could be weaponized.
Recommendations
- AI detected serious security threats
Audit Metadata