commit
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill executes a bash command `bash "$CLAUDE_PROJECT_DIR/.claude/scripts/generate-reasoning.sh" <hash> "<message>"` where the message is AI-generated. This is vulnerable to shell injection if the message contains metacharacters like backticks or semicolons.
- [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection.
  1. Ingestion points: Untrusted data enters via `git diff` and conversation history (SKILL.md step 1).
  2. Boundary markers: None are used to separate user data from instructions.
  3. Capability inventory: The agent has the ability to execute bash commands (SKILL.md step 5).
  4. Sanitization: No sanitization is performed on the generated `<message>` argument.

  An attacker could craft changes in a file that trick the AI into generating a malicious commit message, leading to arbitrary code execution.
Recommendations
- AI detected serious security threats
Audit Metadata