commit
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a defined set of git commands (status, diff, add, commit, log) via the Bash tool to automate version control tasks. Access is restricted to these specific git subcommands.
- [DATA_EXFILTRATION]: While the skill reads repository diffs, it includes an explicit security guard that scans for sensitive information such as API keys, passwords, and private keys, terminating the process if any are found.
- [PROMPT_INJECTION]: The skill manages potential indirect prompt injection from codebase content by incorporating human-review checkpoints (via AskUserQuestion) and explicitly checking for debug artifacts or unintended file changes.
Audit Metadata