creating-commit
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- Command Execution (MEDIUM): The skill automatically executes various build and linting tools based on project detection, including `npx tsc`, `cargo check`, and `./gradlew detekt`. This is a risk factor because an attacker could place a malicious wrapper script (e.g., a hijacked `gradlew` or a malicious `package.json` script) in a repository to achieve local code execution when the agent attempts to 'verify' the commit.
- Indirect Prompt Injection (LOW): The skill reads and analyzes file content and diffs to generate commit messages (Category 8).
  - Ingestion points: File content and git diffs from the local repository (e.g., `src/auth/login.ts` in EXAMPLES.md).
  - Boundary markers: None detected in the provided documentation; the agent likely reads raw diff output.
  - Capability inventory: Subprocess execution of `git`, `npx`, `cargo`, and `./gradlew` (TROUBLESHOOTING.md).
  - Sanitization: No explicit sanitization or instructions to ignore embedded instructions in the ingested code are mentioned.
- External Downloads (LOW): The troubleshooting guide (TROUBLESHOOTING.md) suggests running `npm install`, which downloads packages from the public npm registry. While a standard development practice, it involves external network operations to non-whitelisted domains if the agent executes these commands.
Audit Metadata