commit-message-generator
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (PROMPT_INJECTION, NO_CODE)
Full Analysis
- [Prompt Injection / Category 8] (LOW): The skill processes untrusted external data (git diffs) to generate commit messages, creating an indirect prompt injection surface.
  1. Ingestion points: user-provided change descriptions and git diff output.
  2. Boundary markers: Absent; no delimiters are used to separate user data from instructions.
  3. Capability inventory: Limited to text generation; no high-privilege tool calls or command execution capabilities are defined.
  4. Sanitization: Absent; the skill does not suggest filtering or escaping input.
- [No Code] (LOW): The skill consists entirely of Markdown instructions and examples with no active scripts, binaries, or automated installation logic.