commit-elegant
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard git commands including `git status`, `git add`, `git diff`, and `git commit`. It also dynamically detects and runs project-specific verification commands (such as linting or testing) found in configuration files like `package.json` or `Makefile`. These actions are core to the skill's documented workflow.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the ingestion and analysis of untrusted data from the local repository environment.
  - Ingestion points: It reads content from `package.json`, `Makefile`, and the output of `git diff --staged` to generate commit messages and suggest logical splits.
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to prevent it from following malicious instructions that might be embedded within project files or code diffs.
  - Capability inventory: The skill can execute shell commands and modify the repository's git state.
  - Sanitization: The skill does not perform validation or sanitization of the content read from the repository before processing it.
Audit Metadata