conventional-commits
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): The skill contains no instructions designed to bypass agent constraints or safety filters. All instructions are focused on formatting commit messages.
- [DATA_EXFILTRATION] (SAFE): No patterns for reading sensitive files or sending data to external domains were found. The workflow involves local operations on repository metadata.
- [EXTERNAL_DOWNLOADS] (SAFE): References well-known, trusted Node.js packages (@commitlint and husky) used for standard development workflows.
- [COMMAND_EXECUTION] (SAFE): The shell command examples provided (e.g., git diff) are legitimate for the intended purpose and do not suggest privilege escalation or malicious intent.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes potentially untrusted repository data to generate summaries. 1. Ingestion points: repository diffs and file names. 2. Boundary markers: Absent. 3. Capability inventory: Limited to text generation; no automatic execution of subprocesses or network operations. 4. Sanitization: Absent. Findings are consistent with a text-formatting utility.
Audit Metadata