commit
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from the local repository via the
git diff --stagedcommand to generate commit messages. This creates an attack surface for indirect prompt injection, where malicious instructions embedded in staged file changes could influence the agent's behavior or the content of the generated commit. - Ingestion points: The output of
git diff --stagedis injected into the agent context via dynamic context execution inSKILL.md. - Boundary markers: The diff output is not enclosed in delimiters or accompanied by instructions to ignore embedded commands.
- Capability inventory: The skill utilizes the Bash tool to execute repository commands such as
git commitandgit show. - Sanitization: There is no evidence of sanitization or filtering of the diff output before it is processed by the model.
- [COMMAND_EXECUTION]: The skill executes multiple shell commands using the Bash tool. This includes dynamic context commands (
git status,git diff) run at skill load time and operational commands (git commit,git show) triggered by user action. Theallowed-toolsfrontmatter configuration restricts the Bash tool scope, which may impact the execution of commands not explicitly permitted by the platform's security policy.
Audit Metadata