prowler-commit

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Indirect Prompt Injection (LOW): The skill generates commit messages from untrusted data in the local repository (file contents and history), and that data could theoretically contain malicious instructions.
      • Ingestion points: git status, git diff --stat HEAD, and git log -3 --oneline in SKILL.md.
      • Boundary markers: Absent; the skill does not use specific delimiters to separate untrusted diff data from instructions.
      • Capability inventory: git add and git commit commands in SKILL.md.
      • Sanitization: No technical sanitization of diff content is performed, though the 'Critical Rule' to 'ALWAYS ask for user confirmation before committing' serves as a primary human-in-the-loop mitigation.
  • Command Execution (SAFE): The skill uses standard git commands for local repository management. It explicitly forbids destructive operations like git push --force.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:11 PM