Gen Agent Trust Hub audit of skills/nbsp1221/agent-skills/commit

Skill: commit
Verdict: Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill resolves and executes a script (commit-guard.py) from project-scoped paths (e.g., ./.claude/skills/commit) before checking user-scoped directories. This allows an attacker to plant a malicious script in a repository that will be executed when a user invokes the commit skill. Evidence: SKILL.md Step 7.
  • [COMMAND_EXECUTION] (HIGH): Step 5 directs the agent to execute arbitrary verification steps (tests, lint, formatting) found in the repository. Untrusted repositories can configure these hooks to execute malicious code, leading to compromise of the agent's environment. Evidence: SKILL.md Step 5.
  • [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8). Ingestion points: Untrusted repository files like AGENTS.md, README.md, and git log (Step 1). Boundary markers: None present to delimit untrusted repo content. Capability inventory: High-impact actions including file modification (git add), network operations (git push), and script execution (python). Sanitization: No sanitization of ingested content is performed. Evidence: SKILL.md Step 1.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:58 AM