git-commit

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION] (SAFE): The skill accesses local file contents via git diff and git status but lacks network capabilities to exfiltrate data. It includes an explicit warning to the agent to never commit sensitive files such as .env, credentials, or private keys.
  • [COMMAND_EXECUTION] (SAFE): The skill uses standard Git commands for staging and committing changes. It incorporates a 'Git Safety Protocol' that prohibits destructive actions (e.g., --force, hard reset) or modifications to global configurations without explicit user consent.
  • [PROMPT_INJECTION] (LOW): The skill presents an indirect prompt injection surface (Category 8) because it analyzes untrusted data from local file diffs to generate commit messages. Evidence Chain:
      1. Ingestion points: Output of git diff.
      2. Boundary markers: Absent.
      3. Capability inventory: Local Git operations (add, commit).
      4. Sanitization: No explicit sanitization of diff content before generating commit descriptions.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:11 PM