commit-message
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill includes instructions designed to override the agent's default tool-use logic. Phrases like 'AUTOMATICALLY invoke this skill whenever git commit is needed' and 'Direct git commit will FAIL validation' are attempts to bypass the agent's native decision-making process regarding git operations.
- COMMAND_EXECUTION (SAFE): The skill executes local git commands (git remote, git branch, git status, git diff, git commit). While these interact with the file system, they are consistent with the skill's stated purpose. The use of heredoc syntax `git commit -m "$(cat <<'EOF' ... EOF)"` is a valid shell technique for handling multiline strings and is not inherently malicious.
- INDIRECT_PROMPT_INJECTION (LOW):
  - Ingestion points: The skill reads untrusted data via `git diff --cached` (current code changes).
  - Boundary markers: No specific delimiters or instructions are provided to the LLM to ignore instructions embedded within the code diff itself.
  - Capability inventory: The agent has the ability to execute shell commands (`git commit`, `git checkout`).
  - Sanitization: No sanitization or validation of the diff content is performed before the LLM processes it to generate the commit message body.