git-conventional-commit
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local git commands including `git status`, `git diff`, `git log`, `git add`, and `git commit`. These are standard operations required for the skill's purpose of managing version control metadata.
- [PROMPT_INJECTION]: An indirect prompt injection surface is present because the skill ingests untrusted data from the repository during the analysis phase.
  - Ingestion points: File changes and repository status are read via `git status` and `git diff` (SKILL.md).
  - Boundary markers: No specific delimiters are used to wrap the ingested diff content.
  - Capability inventory: The skill can perform `git add` and `git commit` operations (SKILL.md).
  - Sanitization: The skill contains a specific security check in Step 2 to detect and warn the user about sensitive files and secrets before proceeding, which significantly mitigates the risk of accidental data exposure.