git-commit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill uses local Git commands such as `git status`, `git diff`, and `git commit` to manage version control. These are standard operations for a developer tool and do not involve unauthorized shell access or administrative privileges.
- DATA_EXFILTRATION (SAFE): No network operations, external URLs, or data transmission patterns were found. The skill does not communicate with external servers.
- CREDENTIALS_UNSAFE (SAFE): No hardcoded API keys, tokens, or private credentials were found. The skill interacts with the local Git configuration which is expected behavior.
- INDIRECT_PROMPT_INJECTION (LOW):
  - Ingestion points: Untrusted data enters the context via `git diff` analysis in the 'Analyze Changes' step.
  - Boundary markers: No specific delimiters are used to wrap the code diff output.
  - Capability inventory: The agent can execute `git add` and `git commit` (subprocess calls).
  - Sanitization: No explicit sanitization or filtering of the code content is performed. While an attacker could put malicious instructions in a code comment, the impact is limited to influencing the generated commit message text, which the user is prompted to confirm.
Audit Metadata