git-commit-helper
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill executes
git diff --cachedto analyze staged changes. This is a standard operation required for its primary purpose of generating commit messages. No network exfiltration or credential access was detected. - [COMMAND_EXECUTION]: The skill utilizes standard version control commands (
git diff,git add,git commit) via the command line interface. These operations are local to the project environment and focused on development workflows. - [PROMPT_INJECTION]: The skill processes untrusted external data (the contents of the git diff). While this presents a surface for indirect prompt injection, the skill includes a mandatory human-in-the-loop checkpoint ('Present the commit message to the user for approval before committing'), which significantly mitigates the risk of the agent performing unauthorized actions based on code content.
Audit Metadata