commit-staged

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs local command execution by running git branch and git diff to gather context from the user's repository for generating conventional commit messages.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes the raw output of git diff, which contains untrusted content from the files being committed. An attacker could embed instructions in a file's content to manipulate the generated commit message or influence the agent's behavior.
  • Ingestion points: git diff --staged and git diff --staged --stat output, as described in SKILL.md.
  • Boundary markers: None. Staged content is processed without delimiters or instructions to ignore embedded commands.
  • Capability inventory: Shell command execution for git operations.
  • Sanitization: None detected; the skill relies on the LLM to process raw diff text directly.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 25, 2026, 07:44 PM