Git Commit Helper
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill's core functionality involves analyzing
git diffoutput, which is untrusted data from the codebase. - Ingestion points: The agent is instructed to read output from
git diff --stagedandgit diff --staged --statinSKILL.md. - Boundary markers: Absent. There are no instructions provided to the agent to treat the diff content as data only or to ignore instructions embedded within the code comments or strings in the diff.
- Capability inventory: The skill explicitly directs the agent to execute shell commands (
git status,git diff,git add,git commit). If the agent's output (the suggested commit message) is automatically used in a follow-upgit commit -mcommand, a malicious diff could influence the commit metadata. - Sanitization: Absent. There is no logic to filter or escape the content of the diffs before analysis.
- Command Execution (LOW): The skill relies on the agent's ability to execute shell commands to interact with the Git repository. While these are standard development tasks, they represent a local execution surface.
- Data Exposure (LOW): By analyzing
git diff --staged, the agent may be exposed to sensitive information (e.g., hardcoded keys or secrets) if they are accidentally staged by the user. This is an inherent risk of code-analysis skills.
Audit Metadata