skills/jeremylongshore/claude-code-plugins-plus-skills/generating-conventional-commits/Gen Agent Trust Hub
generating-conventional-commits
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The scripts `scripts/generate_commit_message.py` and `scripts/suggest_commit_type.py` use the `subprocess` module to execute `git diff` commands. This is used to programmatically retrieve code changes for analysis and is inherent to the skill's primary function.
- [PROMPT_INJECTION]: The skill processes external, untrusted data (git diffs) that could contain malicious instructions designed to influence the AI's output (indirect prompt injection).
- Ingestion points: Untrusted diff content is ingested through `scripts/generate_commit_message.py` and `scripts/suggest_commit_type.py` via shell output or file reads.
- Boundary markers: The skill does not implement explicit boundary markers or instructions to isolate the diff content from the agent's instructions.
- Capability inventory: The skill is configured with `allowed-tools: Bash(cmd:*)`, granting significant execution privileges to the agent.
- Sanitization: No content sanitization is performed on the diff data before it is presented to the model for analysis.
Audit Metadata