commit
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill interacts with the Git CLI by executing multiple shell commands including status, diff, add, commit, and push. It uses a secure quoted heredoc (cat <<'EOF') to pass the generated commit message to the git command, which prevents accidental shell expansion of the message content.
- [PROMPT_INJECTION]: The skill includes instructions that guide the agent's behavior to proactively suggest commits and respond to varied user prompts. Additionally, it has a surface for indirect prompt injection as it processes untrusted data from 'git diff' to generate commit messages. Evidence for this surface: 1. Ingestion points: Output of 'git diff' in the workflow. 2. Boundary markers: Absent; the diff output is analyzed directly. 3. Capability inventory: Git command execution and remote pushing via shell. 4. Sanitization: Absent; the LLM processes raw file changes.
- [DATA_EXFILTRATION]: While the skill communicates with remote repositories via 'git push', it includes mandatory safety rules that forbid the staging or committing of '.env' files, credentials, or tokens, mitigating accidental data exposure.
- [SAFE]: No malicious patterns or security risks were identified beyond the inherent functional requirements of a Git automation tool.
Audit Metadata