generating-conventional-commits

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Finding tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash(cmd:*) tool to execute git commands for diff analysis. This represents a high-privilege capability that could be leveraged if the agent follows malicious instructions.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it ingests untrusted data from git repositories.
  • Ingestion points: Diff content is retrieved via get_git_diff and get_diff_from_file in scripts/generate_commit_message.py and scripts/suggest_commit_type.py.
  • Boundary markers: There are no markers or instructions within the scripts to delimit untrusted diff content from agent instructions.
  • Capability inventory: The skill allows access to powerful tools including Bash, Write, Edit, Grep, and Glob (as defined in SKILL.md) and performs subprocess calls in scripts/generate_commit_message.py and scripts/suggest_commit_type.py.
  • Sanitization: The scripts do not sanitize or filter the content of the diffs before they are processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 01:54 AM