scm
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill possesses an indirect prompt injection surface as it is designed to process external untrusted data such as git logs, commit messages, and pull request bodies. 1. Ingestion points: Pull request templates and git diff/log commands defined in SKILL.md. 2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the git data are provided. 3. Capability inventory: The skill is granted 'Bash', 'Write', and 'Edit' tools, allowing for substantial file and system interaction. 4. Sanitization: There is no evidence of escaping or sanitizing data before it is processed or used in prompts.
- COMMAND_EXECUTION (SAFE): The Bash tool usage is limited to legitimate version control and project maintenance commands (git, npm). No suspicious execution patterns or privilege escalation attempts were detected.
- DATA_EXFILTRATION (SAFE): No evidence of data exfiltration or credential harvesting. The skill includes proactive instructions to ensure secrets and credentials are not committed to source control.
Audit Metadata