commit-messages
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill is entirely composed of Markdown text providing instructions on Conventional Commits. It does not include any scripts, commands, or external dependencies.
- [DATA_EXPOSURE] (SAFE): There are no commands that access the file system, environment variables, or sensitive credentials.
- [REMOTE_CODE_EXECUTION] (SAFE): No external code is downloaded or executed. The skill does not reference any remote scripts or untrusted packages.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted user data (git diffs and commit descriptions) to generate summaries. Evidence Chain: 1. Ingestion points: User-provided diffs and change descriptions at runtime. 2. Boundary markers: Absent. 3. Capability inventory: Purely text-based output; no subprocess, file-write, or network capabilities detected. 4. Sanitization: Absent. Because the skill has no dangerous capabilities, this surface cannot be used for high-severity exploitation.
Audit Metadata