smart-commit
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
- Ingestion points: Untrusted data enters the agent context via the
git diff --stagedcommand described in Step 2 of theSKILL.mdfile. - Boundary markers: There are no delimiters or explicit instructions provided in the workflow to ensure the agent ignores embedded instructions within the source code diffs it analyzes.
- Capability inventory: The agent has the capability to modify the repository state through
git add -Aandgit commitcommands, which are executed as part of its primary workflow. - Sanitization: The skill lacks any mechanism to sanitize or validate the content of the diff output before the agent uses it to generate and execute a commit, creating a surface for an attacker to influence the resulting commit message or agent behavior.
Audit Metadata