safe-commit
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill employs aggressive imperative language (e.g., 'MANDATORY', 'CRITICAL', 'STOP', 'FORBIDDEN') in both the body and metadata to override the agent's core behavior regarding git operations. This is a behavioral override pattern designed to hijack the standard tool selection process.
- PROMPT_INJECTION (LOW): Category 8 (Indirect Prompt Injection): The 'PRD Task Auto-Update' feature in `references/PRD-TASK-UPDATE.md` ingests data from commit messages to perform file modifications.
  - Ingestion points: Commit logs and PRD files in the project root or `/docs` directory.
  - Boundary markers: None; the skill relies on simple pattern matching (`[Task N]`) without delimiters or instruction-bypass warnings.
  - Capability inventory: Shell command execution via bash and git, and file writing capabilities to modify project specifications.
  - Sanitization: No sanitization or validation of the task ID or the content being injected into the PRD files is performed.
- COMMAND_EXECUTION (SAFE): The skill utilizes bash for git operations and parallel status checks (`git status & git diff`). While this involves shell execution, it is consistent with the skill's stated purpose and does not involve untrusted remote sources.
Audit Metadata