git-committing
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it incorporates untrusted data from git diffs and logs directly into prompts for commit message generation. This could allow malicious content in a repository to influence the agent's behavior.
- Ingestion points: Staged changes (git diff --staged) and commit history (git log) are read in SKILL.md (Step 2 and Step 2c).
- Boundary markers: The prompt templates in SKILL.md interpolate variables like {DIFF} and {RECENT_LOG} without using delimiters (such as XML tags) or explicit instructions to the agent to ignore any commands found within that data.
- Capability inventory: The skill can execute shell commands (git commit) and write local files, which could be misused if an injection occurs.
- Sanitization: No sanitization or filtering is performed on the repository data before it is passed to the LLM.
Audit Metadata