commit
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill uses string interpolation to build shell commands such as
git commit -m "<subject>". If the input from the prompt or the repository (viagit diff) contains shell metacharacters, it could lead to arbitrary command execution on the host machine. - [PROMPT_INJECTION] (HIGH): This skill provides a surface for indirect prompt injection. Ingestion points: The skill reads data from
git status,git diff, andgit log(SKILL.md steps 2-3). Boundary markers: There are no delimiters or instructions used to isolate untrusted repository content from the agent's logic. Capability inventory: The skill has the capability to execute subprocesses and write to the local git repository (SKILL.md step 6). Sanitization: No sanitization or escaping is performed on the data retrieved from the repository before it is included in command arguments. This allows malicious content within a codebase to influence the agent's actions or the resulting commit metadata.
Recommendations
- AI detected serious security threats
Audit Metadata