Git Smart Commit
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard git commands (git status, git diff, git add, git commit) to manage the local repository state. This is the intended behavior and is transparently documented in the skill instructions.
- [PROMPT_INJECTION]: The skill analyzes file changes via git diff, which introduces a surface for indirect prompt injection from local file content. This risk is managed by the agent's internal safety guardrails and the mandatory 'Commit Plan' review required from the user.
  1. Ingestion points: git diff and git status output.
  2. Boundary markers: None specified in the instructions.
  3. Capability inventory: File staging and committing via git.
  4. Sanitization: None specified; the skill relies on the agent's reasoning capabilities.
- [SAFE]: The skill includes high-quality security features such as a 'Commit Plan' for user approval before execution and explicit checks to prevent the accidental commitment of sensitive files like .env, which protects against credential exposure.
Audit Metadata