git-commit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill directs the agent to execute 'ls' and 'git log' commands to identify project-specific commit conventions and configuration files. These are read-only operations necessary for the skill's functionality and restricted to the local repository metadata.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it processes untrusted data from 'git log' (ingestion point) without explicit boundary markers or sanitization. An attacker with the ability to contribute to the repository could include malicious instructions in commit messages to influence the agent's formatting or decisions. However, the risk is low because the agent uses the data primarily for pattern recognition before exercising its final 'git commit' capability.