git-commit
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several local git commands (`git status`, `git diff --cached`, `git diff`, and `git log`) to analyze the repository's current state and history. These commands are legitimate and necessary for the skill's intended purpose.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content that could be influenced by external actors (e.g., in a collaborative repository).
  * Ingestion points: Untrusted data enters the context through the output of `git diff` and `git log` commands.
  * Boundary markers: The skill does not use specific delimiters or instructions to prevent the agent from following commands that might be embedded within the source code diffs or commit history.
  * Capability inventory: The skill can execute shell commands (git) and propose commit messages for execution.
  * Sanitization: There is no sanitization or escaping of the content fetched from the git repository before it is provided to the agent for analysis.
Audit Metadata