commit
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is highly susceptible to indirect prompt injection because it processes the content of file diffs to determine its next actions.
  - Ingestion points: `SKILL.md` uses `git diff --cached --stat` and `git diff --stat` to populate context for the LLM.
  - Boundary markers: Absent. There are no delimiters or instructions to the model to ignore natural language instructions found within the code being analyzed.
  - Capability inventory: The skill has `Bash(git :*)` permissions and is instructed to perform `git add .`, `git commit`, and `git push` automatically.
  - Sanitization: Absent. The LLM processes raw diff statistics and potentially file contents without sanitization.
- [Command Execution] (MEDIUM): The skill executes Git commands that modify and export data (pushing to a remote repository) without human oversight.
  - The 'NO INTERACTION' and 'AUTO-PUSH' rules in `SKILL.md` ensure that any malicious influence from an indirect prompt injection results in immediate, non-reversible actions in the repository.
Recommendations
- AI detected serious security threats
Audit Metadata