git-commit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [Command Execution] (SAFE): The skill utilizes local shell commands (
git log,git diff,git status,git commit) strictly for repository management. These commands are well-defined, do not use elevated privileges (no sudo), and are essential for the skill's primary function of commit message generation. - [Indirect Prompt Injection] (LOW): The skill processes untrusted data from git logs and file diffs which could potentially harbor injection attempts.
- Ingestion points: Outputs from
git log -5 --pretty=format:"%s"andgit diff --stat. - Boundary markers: None explicitly defined in the prompts to distinguish between existing commit messages and agent instructions.
- Capability inventory: Uses
git add,git commit, andgit commit --amendto modify local repository state. - Sanitization: No specific sanitization or filtering of commit message content is implemented.
- [Data Exposure & Exfiltration] (SAFE): The skill explicitly includes a warning to 'Avoid sensitive information' such as passwords and keys. It performs no network operations (curl, wget, or API calls) and does not access sensitive system paths outside the repository.
Audit Metadata