commit-helper
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- Indirect Prompt Injection (INFO): The skill processes untrusted data from git diffs.
  - Ingestion points: git diff --staged output referenced in SKILL.md.
  - Boundary markers: Absent.
  - Capability inventory: Text generation only; no file-write, network, or remote execution capabilities identified.
  - Sanitization: Absent. Malicious comments in staged code could influence the generated commit message content.
- Command Execution (INFO): The skill executes git diff --staged to retrieve staged changes. This is a local read-only operation necessary for the skill's stated purpose.
Audit Metadata