Skills
skills/pc-style/pc-skills/git-commit/Gen Agent Trust Hub

git-commit

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [Prompt Injection] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) as it processes untrusted file content to generate commit messages.
  • Ingestion points: File content and changes are ingested via git diff and git diff --staged in SKILL.md.
  • Boundary markers: None. There are no delimiters or explicit instructions to the agent to treat diff content as data rather than instructions.
  • Capability inventory: The agent can execute arbitrary shell commands via the Bash tool, specifically git add and git commit.
  • Sanitization: No sanitization or escaping of the diff content is performed before the agent analyzes it.
  • [Command Execution] (MEDIUM): The skill uses the Bash tool to execute git commands. While the commands themselves are standard, the input to these commands (file paths and generated commit messages) is derived from untrusted external sources (the repository being analyzed), which could lead to command injection if the agent is subverted.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 12:17 AM