commit-poet
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses the
$ARGUMENTSvariable to incorporate user input directly into its reasoning context. This creates a surface where a user could provide text that attempts to override the skill's instructions or logic.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes the output ofgit diff. If a repository contains maliciously crafted code comments or content designed to trigger the LLM, it could influence the poetic output or the final commit message summary.\n - Ingestion points: Reads
git diff --cachedandgit diffoutput inSKILL.md.\n - Boundary markers: Absent; the diff content is analyzed without delimiters or specific instructions to ignore embedded commands.\n
- Capability inventory: Uses the
Bashtool to executegit diffandgit commitcommands acrossSKILL.md.\n - Sanitization: Absent; the skill does not filter or escape the content of the diff or user arguments before processing them.- [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to perform repository operations. While it includes a user confirmation step, the generated commit message—which could be influenced by injected content—is passed into thegit commit -mcommand. The skill relies on the underlying platform's tool-calling implementation to prevent shell injection, but the instruction itself links untrusted data to command execution.
Audit Metadata