conventional-commits
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- [Prompt Injection] (SAFE): No instructions were found that attempt to override agent behavior, bypass safety filters, or extract system prompts. The content is strictly limited to commit message formatting rules.
- [Data Exposure & Exfiltration] (SAFE): There are no commands that access sensitive files, environment variables, or hardcoded credentials. No network operations (e.g., curl, fetch) are present.
- [Remote Code Execution] (SAFE): The skill does not download or execute any remote scripts. It does not contain any logic for dynamic code generation or execution.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted data (user descriptions of code changes) to generate formatted output.
  - Ingestion points: User input provided when asked to "write a commit message".
  - Boundary markers: Absent; the skill relies on the agent's natural processing of inputs.
  - Capability inventory: No capabilities for subprocess calls, file writing, or network operations are defined in this skill.
  - Sanitization: Absent. However, given the lack of executable capabilities, the risk is negligible.