Skills
skills/laurigates/claude-plugins/git-commit-workflow/Gen Agent Trust Hub

git-commit-workflow

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes data from external sources that may contain untrusted content, such as commit logs, diffs, and GitHub issue titles.
  • Ingestion points: scripts/commit-context.sh reads output from git log, git status, git diff, and gh issue list.
  • Boundary markers: Not explicitly defined for the gathered context data.
  • Capability inventory: The skill uses the Bash tool to execute git and gh commands and has the ability to create commits via git commit.
  • Sanitization: None detected; the agent processes raw output from the tools.
  • [COMMAND_EXECUTION]: The skill makes legitimate use of shell commands through the Bash tool to interact with the version control system and project issues.
  • Evidence: Execution of git, gh, and jq in scripts/commit-context.sh and various git commands in SKILL.md.
  • [DATA_EXPOSURE_EXFILTRATION]: The skill fetches issue data from GitHub using the official CLI tool.
  • Evidence: gh issue list is used in scripts/commit-context.sh to retrieve open issues for commit linking. This targets a well-known service and is consistent with the skill's purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 09:36 PM