commit-message
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified. The skill's behavior is consistent with its stated purpose of assisting with git commit workflows.
- [COMMAND_EXECUTION]: The skill uses
git diff --cachedto read staged changes. This is a standard and safe command for retrieving technical context necessary to generate commit messages. - [PROMPT_INJECTION]: The skill processes untrusted data from the local repository's git diff. Although it lacks explicit delimiters to quarantine the diff content, the risk is categorized as safe given the localized read-only scope.
- Ingestion points: staged git diff output (SKILL.md).
- Boundary markers: Absent.
- Capability inventory: Read-only access to git staged diffs via system command.
- Sanitization: Absent.
Audit Metadata