git-commit
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its core operational logic.
- Ingestion points: Step 4 ('Analyze changes') explicitly reads the output of
git diff --cachedand the chat transcript to determine change types and extract descriptions. - Boundary markers: No markers are defined to separate untrusted diff data or transcript content from the agent's instructions.
- Capability inventory: The skill has powerful write and network capabilities, including
git commit,git push, andgt stack submit(Graphite CLI). - Sanitization: No sanitization or validation of the ingested data is mentioned. Malicious instructions embedded in code comments within a diff could manipulate the agent into crafting deceptive commit messages or performing unintended pushes.
- COMMAND_EXECUTION (MEDIUM): The skill constructs and executes shell commands (Step 6 and 7) using arguments and analysis derived from potentially tainted data. Without explicit sanitization of these inputs, there is a risk of command argument injection.
- EXTERNAL_DOWNLOADS (LOW): The skill directs the user to an external source (
https://graphite.dev/docs/installing-the-cli) to download the Graphite CLI. While Graphite is a known developer tool, this external reference remains outside the strict pre-defined trusted source list, though it is considered low risk in this context.
Recommendations
- AI detected serious security threats
Audit Metadata