commit-message-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is vulnerable to instructions embedded in the data it processes.
- Ingestion points: The skill reads untrusted data from the local file system via
git diff --stagedandgit logcommands. - Boundary markers: There are no explicit boundary markers or XML-style delimiters defined in the instructions to separate the untrusted diff content from the agent's instructions.
- Capability inventory: The skill has the capability to execute shell commands, specifically
git commit -m "...", which has side effects on the repository history. - Sanitization: No sanitization or filtering of the
git diffoutput is mentioned before it is processed by the LLM. - [Command Execution] (LOW): The skill explicitly uses shell commands (
git status,git diff,git commit). While these are intended for its core functionality, they represent a potential attack vector if the generated commit message is not properly escaped. The skill attempts to mitigate this using a quoted heredoc ('EOF'), which is a good security practice for preventing shell expansion.
Recommendations
- AI detected serious security threats
Audit Metadata