skills/jburns24/skills/find-commit/Gen Agent Trust Hub

find-commit

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local git commands to retrieve repository history and commit metadata.
    • Evidence: The helper script scripts/search.py uses subprocess.run with argument lists for git log and git diff-tree. The manual fallback instructions in SKILL.md also suggest using subprocess.check_output with argument lists.
    • Security: By using lists instead of raw strings, the skill avoids shell injection vulnerabilities even when handling user-provided input like file paths or commit hashes.
  • [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection via malicious git commit messages.
    • Ingestion points: Commit message bodies are ingested through git log in both the Python script and the manual fallback procedure.
    • Boundary markers: Content is extracted from HTML comments (<!-- generation-metadata ... -->), but the resulting text is displayed to the agent without delimiters or instructions to ignore embedded commands.
    • Capability inventory: The skill performs git read operations via subprocess and provides context that influences the agent's subsequent decision-making and planning.
    • Sanitization: There is no sanitization or escaping of the plan_contents or unplanned_changes fields, allowing an attacker with commit access to inject instructions that the agent might interpret as legitimate plan requirements.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 23, 2026, 10:57 PM