Git Commit Format
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill processes repository content (files and diffs) to generate commit messages, creating a surface for indirect prompt injection.
  1. Ingestion points: File content and git diffs used for commit descriptions.
  2. Boundary markers: Absent; no delimiters or warnings to ignore instructions within the processed data.
  3. Capability inventory: Subprocess execution via `make run-gitlint`.
  4. Sanitization: Absent.
- [COMMAND_EXECUTION] (LOW): The skill instructs the agent to run `make run-gitlint`. This is a standard development task but involves executing a local command whose behavior is determined by the project's Makefile.
- [DATA_EXFILTRATION] (SAFE): The skill accesses Git identity information (name and email) to populate the 'Signed-off-by' footer. This is standard behavior for Git commits and does not involve sensitive credentials or hardcoded secrets.
Audit Metadata