ask-commit-assistance
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill analyzes local file content to generate reviews and commit messages, which is a surface for indirect prompt injection. This is considered safe as the skill requires manual user intervention for any state-changing commands.
  - Ingestion points: Local files identified via `git status` and `git diff` are read during the workflow.
  - Boundary markers: No explicit markers or instructions to ignore embedded commands are present in the workflow.
  - Capability inventory: The skill can stage files via `git add` and generate shell commands for the user to execute.
  - Sanitization: There is no explicit sanitization or filtering of the content read from files before processing.
- [COMMAND_EXECUTION]: The skill uses local Git CLI tools (`git status`, `git add`) as part of its core utility. It avoids automated commits, presenting them instead for the user to review and run manually.
Audit Metadata