conventional-commit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted data (staged code diffs) to generate commit messages, which is a potential vector for indirect prompt injection.
- Ingestion points: The skill reads external data via
git diff --cachedas defined in the Workflow section ofSKILL.md. - Boundary markers: There are no explicit delimiters or instructions to ignore embedded content within the diff data.
- Capability inventory: The skill has the capability to execute
git commit, which writes to the local repository. - Sanitization: The skill includes a 'Prohibited Content' section that limits what the agent can include in the output, providing some mitigation against malicious data influence.
- Command Execution (SAFE): The skill uses
git diffandgit commit. These are standard tools for version control and are used here within their intended scope. No evidence of shell injection or unauthorized command execution was detected. - Data Exposure & Exfiltration (SAFE): While the skill reads codebase changes, it does not attempt to access sensitive files (like
.envor SSH keys) nor does it perform any network operations to send data externally.
Audit Metadata