git-commits
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill instructs the agent to execute a shell script with parameters provided by the user without any sanitization.
- Evidence: The command `bash "$CLAUDE_PROJECT_DIR/.claude/scripts/generate-reasoning.sh" <hash> "<message>"` is provided in SKILL.md.
- Risk: If a user provides a commit message containing shell metacharacters (e.g., "; rm -rf /"), the agent will execute them, leading to arbitrary code execution.
- [PROMPT_INJECTION] (LOW): The skill creates an indirect prompt injection surface by processing untrusted data through sensitive shell tools.
- Ingestion points: User-provided strings for , , and in SKILL.md.
- Boundary markers: Absent; the skill does not use delimiters or warnings to prevent the agent from obeying instructions embedded in commit messages.
- Capability inventory: Execution of bash scripts and git commands.
- Sanitization: Absent; the instructions favor direct interpolation of variables into command lines.
Recommendations
- AI detected serious security threats