git-pushing
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill executes a local bash script
smart_commit.shand passes user-supplied input as a command-line argument. This is a classic injection vector where a malicious message could terminate the git command and execute arbitrary shell commands. - [DATA_EXFILTRATION] (MEDIUM): The workflow automatically stages 'all changes'. This behavior risks including sensitive files such as
.envor credentials that may not be covered by.gitignore, which are then transmitted to an external remote repository. - [INDIRECT PROMPT INJECTION] (HIGH): The skill processes untrusted user input (the commit message) and has high-privilege capabilities including file system access and network operations (git push). There are no boundary markers or sanitization logic present in the instructions to prevent the agent from obeying instructions embedded in a user's requested commit message.
Recommendations
- AI detected serious security threats
Audit Metadata