skills/olino3/forge/commit-helper/Gen Agent Trust Hub

commit-helper

Fail

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8).
      • Ingestion points: The skill reads raw content from git diff (File: SKILL.md, Step 1), which is untrusted data that could be controlled by an external attacker (e.g., via a Pull Request).
      • Boundary markers: There are no boundary markers or instructions telling the agent to treat the diff content strictly as data or to ignore embedded commands.
      • Capability inventory: The skill has the ability to write to persistent storage via memoryStore.update and execute shell commands like git diff and git commit (File: SKILL.md, Optional Step and Step 3).
      • Sanitization: No sanitization or validation is performed on the ingested diff content before it is processed by the LLM.
  • [COMMAND_EXECUTION] (MEDIUM): The skill executes local shell commands and generates command strings for the user to execute.
      • Evidence: Explicit instructions to run git diff --staged and git commit (File: SKILL.md).
      • Risk: While these are standard git operations, the lack of sanitization for the data being processed (the diff) means an injection could potentially manipulate the generated command or the state of the local repository.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 13, 2026, 09:42 PM