commit-message
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because it instructs the agent to analyze external, potentially untrusted data such as git diffs, commit history, and issue tracker references. Evidence:
  1. Ingestion points: Git diff output, recent commit history, and issue tracker references (SKILL.md).
  2. Boundary markers: Absent. No specific delimiters or warnings provided to ignore instructions within analyzed data.
  3. Capability inventory: None. The skill only generates text and does not execute commands or write files.
  4. Sanitization: Absent.
- NO_CODE (SAFE): The skill consists solely of instructional markdown and does not include any executable scripts, binaries, or configuration files.
Audit Metadata