git-commit-workflow

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes a local helper script scripts/commit-context.sh and standard Git commands to gather repository state and metadata.
  • [EXTERNAL_DOWNLOADS]: Fetches open issue titles and numbers from GitHub using the official gh CLI for commit message referencing. This targets a well-known and trusted service.
  • [PROMPT_INJECTION]: Contains a potential surface for indirect prompt injection through the processing of untrusted data (Git diffs, commit history, and GitHub issue titles) which are used to inform the agent's commit message generation.
  • Ingestion points: scripts/commit-context.sh retrieves repository status, diffs, and external GitHub issue metadata.
  • Boundary markers: The script uses clear textual delimiters (e.g., --- STATUS ---, --- OPEN ISSUES ---) to separate different data types in the output.
  • Capability inventory: The agent possesses Bash and Read tools, enabling it to execute commands and read file content.
  • Sanitization: No explicit sanitization or filtering is performed on external issue titles or internal Git metadata before presentation to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 8, 2026, 03:43 PM