git-commit-message

Fail

Audited by Snyk on Mar 8, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt requires the agent to read diffs and file contents and embed the "actual changes" into a commit message that is output and executed as a git command, so any secrets in those files would be included verbatim and exfiltrated.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill explicitly instructs the agent to run git commands (git add && git commit via run_command) and to read file contents, which causes the agent to modify the repository and local files (i.e., change machine state), though it does not request sudo, create users, or alter system-level configs.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 8, 2026, 06:22 AM