commit
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on standard git CLI tools, including status, diff, add, and commit, to perform its core functions. These operations are conducted within the local repository environment.
- [PROMPT_INJECTION]: Includes the instruction 'Proceed without confirmation,' which grants the agent autonomy to stage changes and create commits without per-step user approval.
- [PROMPT_INJECTION]: The skill processes untrusted input from git diffs, creating a potential surface for indirect prompt injection. Evidence chain for Category 8:
- Ingestion points: Data enters the agent context via output from
git statusandgit diff. - Boundary markers: The skill uses bash heredoc syntax (
cat <<'EOF') to wrap generated commit messages, helping to prevent shell injection but not necessarily isolating instructions embedded in diff data. - Capability inventory: The skill can modify the local file system and repository state using
gitcommands. - Sanitization: No explicit filtering or sanitization of the content retrieved from git commands is implemented before the agent processes it.
Audit Metadata