commit
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill instructs the agent to perform multiple shell operations including
git status,git diff,git log, andgit commit. This provides a direct interface for local command execution which, while standard for git tasks, carries inherent risks if the agent is manipulated. - [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8) because it processes external, untrusted content from the codebase and user input.
- Ingestion points: The skill reads external data via
git diffandgit log, and accepts freeform user instructions. - Boundary markers: There are no delimiters or instructions to ignore embedded commands within the diffs or logs.
- Capability inventory: The agent has the capability to execute shell commands (
git commit) and stage files based on processed content. - Sanitization: No sanitization or validation of the content being read or the generated commit message is implemented.
Recommendations
- AI detected serious security threats
Audit Metadata