commit-staged
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes `git branch` and `git diff` commands to gather the context needed for commit message generation. These are informational, local-only operations defined in Step 1 of the workflow.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface, since it processes branch names and code diffs that could contain malicious instructions. Evidence chain:
  1. Ingestion points: the `git branch` and `git diff` outputs are processed in Steps 1 and 2.
  2. Boundary markers: the workflow does not specify delimiters or instructions to ignore embedded commands within the diff.
  3. Capability inventory: the skill performs local read-only git operations and generates a shell command for the user to execute.
  4. Sanitization: no sanitization of the input data is performed prior to prompt interpolation.
Audit Metadata