commit
Warn
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The Troubleshooting section includes an instruction to execute
echo $GPG_PASSPHRASE. If an agent follows this logic during a failure state, it would output the plaintext secret to the console or log files, resulting in credential exposure. - [COMMAND_EXECUTION]: The skill uses
bashto interact withgitandgpg. It specifically utilizes process substitution (<(echo "$GPG_PASSPHRASE")) within a shell script to pipe sensitive environment variables into the GPG binary for credential caching. - [PROMPT_INJECTION]: This skill is vulnerable to indirect prompt injection.
- Ingestion points: Reads repository state and changes via
git statusandgit diff(SKILL.md). - Boundary markers: None identified; diff content is processed directly to generate commit messages and logic.
- Capability inventory: Execution of
git commitand arbitrarybashcommands (SKILL.md). - Sanitization: No validation or escaping of the diff content is performed before it is used to influence the agent's natural language output and command generation.
Audit Metadata